· 5 years ago · Feb 21, 2020, 09:51 PM
1######################################################################################################################################
2====================================================================================================================================
3Hostname www.glofal.com ISP Host Europe GmbH
4Continent Europe Flag
5FR
6Country France Country Code FR
7Region Unknown Local time 21 Feb 2020 17:22 CET
8City Unknown Postal Code Unknown
9IP Address 151.106.38.107 Latitude 48.858
10 Longitude 2.339
11==========================================================================================================================================
12######################################################################################################################################
13> www.glofal.com
14Server: 10.101.0.243
15Address: 10.101.0.243#53
16
17Non-authoritative answer:
18www.glofal.com canonical name = glofal.com.
19Name: glofal.com
20Address: 151.106.38.107
21>
22######################################################################################################################################
23 Domain Name: GLOFAL.COM
24 Registry Domain ID: 1931047493_DOMAIN_COM-VRSN
25 Registrar WHOIS Server: whois.godaddy.com
26 Registrar URL: http://www.godaddy.com
27 Updated Date: 2019-09-30T22:01:19Z
28 Creation Date: 2015-05-21T14:30:46Z
29 Registry Expiry Date: 2020-05-21T14:30:46Z
30 Registrar: GoDaddy.com, LLC
31 Registrar IANA ID: 146
32 Registrar Abuse Contact Email: abuse@godaddy.com
33 Registrar Abuse Contact Phone: 480-624-2505
34 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
35 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
36 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
37 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
38 Name Server: NS01.GLOFAL.COM
39 Name Server: NS02.GLOFAL.COM
40 DNSSEC: unsigned
41######################################################################################################################################
42Domain Name: GLOFAL.COM
43Registry Domain ID: 1931047493_DOMAIN_COM-VRSN
44Registrar WHOIS Server: whois.godaddy.com
45Registrar URL: http://www.godaddy.com
46Updated Date: 2019-05-22T15:08:38Z
47Creation Date: 2015-05-21T14:30:46Z
48Registrar Registration Expiration Date: 2020-05-21T14:30:46Z
49Registrar: GoDaddy.com, LLC
50Registrar IANA ID: 146
51Registrar Abuse Contact Email: abuse@godaddy.com
52Registrar Abuse Contact Phone: +1.4806242505
53Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
54Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
55Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
56Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
57Registry Registrant ID: Not Available From Registry
58Registrant Name: Registration Private
59Registrant Organization: Domains By Proxy, LLC
60Registrant Street: DomainsByProxy.com
61Registrant Street: 14455 N. Hayden Road
62Registrant City: Scottsdale
63Registrant State/Province: Arizona
64Registrant Postal Code: 85260
65Registrant Country: US
66Registrant Phone: +1.4806242599
67Registrant Phone Ext:
68Registrant Fax: +1.4806242598
69Registrant Fax Ext:
70Registrant Email: GLOFAL.COM@domainsbyproxy.com
71Registry Admin ID: Not Available From Registry
72Admin Name: Registration Private
73Admin Organization: Domains By Proxy, LLC
74Admin Street: DomainsByProxy.com
75Admin Street: 14455 N. Hayden Road
76Admin City: Scottsdale
77Admin State/Province: Arizona
78Admin Postal Code: 85260
79Admin Country: US
80Admin Phone: +1.4806242599
81Admin Phone Ext:
82Admin Fax: +1.4806242598
83Admin Fax Ext:
84Admin Email: GLOFAL.COM@domainsbyproxy.com
85Registry Tech ID: Not Available From Registry
86Tech Name: Registration Private
87Tech Organization: Domains By Proxy, LLC
88Tech Street: DomainsByProxy.com
89Tech Street: 14455 N. Hayden Road
90Tech City: Scottsdale
91Tech State/Province: Arizona
92Tech Postal Code: 85260
93Tech Country: US
94Tech Phone: +1.4806242599
95Tech Phone Ext:
96Tech Fax: +1.4806242598
97Tech Fax Ext:
98Tech Email: GLOFAL.COM@domainsbyproxy.com
99Name Server: NS01.GLOFAL.COM
100Name Server: NS02.GLOFAL.COM
101DNSSEC: unsigned
102######################################################################################################################################
103[+] Target : www.glofal.com
104
105[+] IP Address : 151.106.38.107
106
107[+] Headers :
108
109[+] Date : Fri, 21 Feb 2020 16:36:55 GMT
110[+] Server : Apache
111[+] X-UA-Compatible : IE=edge,chrome=1
112[+] Link : <https://www.glofal.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/P8JVAI-t>; rel=shortlink
113[+] Set-Cookie : wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/wp-admin, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/wp-admin, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/wp-content/plugins, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/wp-content/plugins, wordpress_logged_in_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpress_logged_in_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wp-settings-0=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wp-settings-time-0=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpressuser_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpresspass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpressuser_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wordpresspass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/, wp-postpass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:36:55 GMT; Max-Age=0; path=/
114[+] Keep-Alive : timeout=5, max=100
115[+] Connection : Keep-Alive
116[+] Transfer-Encoding : chunked
117[+] Content-Type : text/html; charset=UTF-8
118
119[+] SSL Certificate Information :
120
121[+] organizationalUnitName : Domain Control Validated
122[+] commonName : hiram02.glofal.com
123[+] countryName : US
124[+] stateOrProvinceName : Arizona
125[+] localityName : Scottsdale
126[+] organizationName : GoDaddy.com, Inc.
127[+] organizationalUnitName : http://certs.godaddy.com/repository/
128[+] commonName : Go Daddy Secure Certificate Authority - G2
129[+] Version : 3
130[+] Serial Number : 109346DE92042F7C
131[+] Not Before : Sep 3 19:25:14 2019 GMT
132[+] Not After : Nov 2 22:15:01 2020 GMT
133[+] OCSP : ('http://ocsp.godaddy.com/',)
134[+] subject Alt Name : (('DNS', 'hiram02.glofal.com'), ('DNS', 'www.hiram02.glofal.com'), ('DNS', 'alaoes.org'), ('DNS', 'www.alyorkrite.org'), ('DNS', 'www.myalor.org'), ('DNS', 'www.alafreemasonry.org'), ('DNS', 'dothanscottishrite.org'), ('DNS', 'myalor.org'), ('DNS', 'guytsmith883.org'), ('DNS', 'emason.alafreemasonry.org'), ('DNS', 'hiram02.alafreemasonry.org'), ('DNS', 'www.alchip.org'), ('DNS', 'glofal.com'), ('DNS', 'alafreemasonry.org'), ('DNS', 'alabamaiorg.org'), ('DNS', 'www.glofal.com'), ('DNS', 'dev.glofal.com'), ('DNS', 'coosavalleylodge929.org'), ('DNS', 'www.alabamaiorg.org'), ('DNS', 'www.alaoes.org'))
135[+] CA Issuers : ('http://certificates.godaddy.com/repository/gdig2.crt',)
136[+] CRL Distribution Points : ('http://crl.godaddy.com/gdig2s1-1364.crl',)
137
138[+] Whois Lookup :
139
140[+] NIR : None
141[+] ASN Registry : ripencc
142[+] ASN : 34088
143[+] ASN CIDR : 151.106.32.0/20
144[+] ASN Country Code : DE
145[+] ASN Date : 1991-05-30
146[+] ASN Description : GDY-FRANCE, DE
147[+] cidr : 151.106.32.0/20
148[+] name : GDY-FRANCE
149[+] handle : GDDY
150[+] range : 151.106.32.0 - 151.106.47.255
151[+] description : None
152[+] country : FR
153[+] state : None
154[+] city : None
155[+] address : H.J.E. Wenckebachweg 127
1561096 AM
157Amsterdam
158NETHERLANDS
159[+] postal_code : None
160[+] emails : None
161[+] created : 2018-02-16T13:00:14Z
162[+] updated : 2019-06-21T10:06:02Z
163
164[+] Crawling Target...
165
166[+] Looking for robots.txt........[ Found ]
167[+] Extracting robots Links.......[ 1 ]
168[+] Looking for sitemap.xml.......[ Found ]
169[+] Extracting sitemap Links......[ 3 ]
170[+] Extracting CSS Links..........[ 29 ]
171[+] Extracting Javascript Links...[ 31 ]
172[+] Extracting Internal Links.....[ 72 ]
173[+] Extracting External Links.....[ 20 ]
174[+] Extracting Images.............[ 13 ]
175
176[+] Total Links Extracted : 169
177
178[+] Dumping Links in /opt/FinalRecon/dumps/www.glofal.com.dump
179[+] Completed!
180######################################################################################################################################
181[i] Scanning Site: https://151.106.38.107
182
183
184
185B A S I C I N F O
186====================
187
188
189[+] Site Title: Alabama: International Order of the Rainbow for Girls
190[+] IP address: 151.106.38.107
191[+] Web Server: Apache
192[+] CMS: Could Not Detect
193[+] Cloudflare: Not Detected
194[+] Robots File: Could NOT Find robots.txt!
195
196
197
198
199W H O I S L O O K U P
200========================
201
202 % This is the RIPE Database query service.
203% The objects are in RPSL format.
204%
205% The RIPE Database is subject to Terms and Conditions.
206% See http://www.ripe.net/db/support/db-terms-conditions.pdf
207
208% Note: this output has been filtered.
209% To receive output for a database update, use the "-B" flag.
210
211% Information related to '151.106.32.0 - 151.106.47.255'
212
213% Abuse contact for '151.106.32.0 - 151.106.47.255' is 'abuse@godaddy.com'
214
215inetnum: 151.106.32.0 - 151.106.47.255
216netname: GDY-FRANCE
217country: FR
218org: ORG-GDNB2-RIPE
219admin-c: GDDY
220tech-c: GDDY
221status: LEGACY
222mnt-by: GODADDY-MNT
223created: 2018-02-16T13:00:14Z
224last-modified: 2019-06-21T10:06:02Z
225source: RIPE
226
227% Information related to '151.106.32.0/20AS34088'
228
229route: 151.106.32.0/20
230origin: AS34088
231mnt-by: GODADDY-MNT
232created: 2018-02-16T13:12:57Z
233last-modified: 2019-06-04T09:16:01Z
234source: RIPE
235
236% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)
237
238
239
240
241
242
243G E O I P L O O K U P
244=========================
245
246[i] IP Address: 151.106.38.107
247[i] Country: France
248[i] State:
249[i] City:
250[i] Latitude: 48.8582
251[i] Longitude: 2.3387000000000002
252
253
254
255
256H T T P H E A D E R S
257=======================
258
259
260[i] HTTP/1.1 200 OK
261[i] Date: Fri, 21 Feb 2020 16:40:03 GMT
262[i] Server: Apache
263[i] Connection: close
264[i] Content-Type: text/html; charset=UTF-8
265
266
267
268S U B N E T C A L C U L A T I O N
269====================================
270
271Address = 151.106.38.107
272Network = 151.106.38.107 / 32
273Netmask = 255.255.255.255
274Broadcast = not needed on Point-to-Point links
275Wildcard Mask = 0.0.0.0
276Hosts Bits = 0
277Max. Hosts = 1 (2^0 - 0)
278Host Range = { 151.106.38.107 - 151.106.38.107 }
279
280
281
282N M A P P O R T S C A N
283============================
284
285Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-21 16:40 UTC
286Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
287Host is up (0.081s latency).
288
289PORT STATE SERVICE
29021/tcp open ftp
29122/tcp open ssh
29280/tcp open http
293443/tcp open https
294
295Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
296######################################################################################################################################
297[+] Starting At 2020-02-21 11:41:24.213356
298[+] Collecting Information On: https://www.glofal.com/
299[#] Status: 200
300--------------------------------------------------
301[#] Web Server Detected: Apache
302[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
303- Date: Fri, 21 Feb 2020 16:41:23 GMT
304- Server: Apache
305- X-UA-Compatible: IE=edge,chrome=1
306- Link: <https://www.glofal.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/P8JVAI-t>; rel=shortlink
307- Set-Cookie: wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/wp-admin, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/wp-admin, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/wp-content/plugins, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/wp-content/plugins, wordpress_logged_in_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpress_logged_in_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wp-settings-0=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wp-settings-time-0=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpress_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpress_sec_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpressuser_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpresspass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpressuser_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wordpresspass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/, wp-postpass_ad195d15686f25fc799fff2a31aad008=+; expires=Thu, 21-Feb-2019 16:41:24 GMT; Max-Age=0; path=/
308- Keep-Alive: timeout=5, max=100
309- Connection: Keep-Alive
310- Transfer-Encoding: chunked
311- Content-Type: text/html; charset=UTF-8
312--------------------------------------------------
313[#] Finding Location..!
314[#] status: success
315[#] country: France
316[#] countryCode: FR
317[#] region: IDF
318[#] regionName: Île-de-France
319[#] city: Clichy-sous-Bois
320[#] zip: 93390
321[#] lat: 48.9109
322[#] lon: 2.54615
323[#] timezone: Europe/Paris
324[#] isp: Host Europe GmbH
325[#] org: HEG - Host Europe Group
326[#] as: AS34088 Host Europe GmbH
327[#] query: 151.106.38.107
328--------------------------------------------------
329[x] Didn't Detect WAF Presence on: https://www.glofal.com/
330--------------------------------------------------
331[#] Starting Reverse DNS
332[-] Failed ! Fail
333--------------------------------------------------
334[!] Scanning Open Port
335[#] 21/tcp open ftp
336[#] 22/tcp open ssh
337[#] 25/tcp open smtp
338[#] 53/tcp open domain
339[#] 80/tcp open http
340[#] 110/tcp open pop3
341[#] 111/tcp open rpcbind
342[#] 143/tcp open imap
343[#] 443/tcp open https
344[#] 465/tcp open smtps
345[#] 587/tcp open submission
346[#] 993/tcp open imaps
347[#] 995/tcp open pop3s
348[#] 3306/tcp open mysql
349--------------------------------------------------
350[+] Getting SSL Info
351{'OCSP': ('http://ocsp.godaddy.com/',),
352 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',),
353 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1364.crl',),
354 'issuer': ((('countryName', 'US'),),
355 (('stateOrProvinceName', 'Arizona'),),
356 (('localityName', 'Scottsdale'),),
357 (('organizationName', 'GoDaddy.com, Inc.'),),
358 (('organizationalUnitName',
359 'http://certs.godaddy.com/repository/'),),
360 (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)),
361 'notAfter': 'Nov 2 22:15:01 2020 GMT',
362 'notBefore': 'Sep 3 19:25:14 2019 GMT',
363 'serialNumber': '109346DE92042F7C',
364 'subject': ((('organizationalUnitName', 'Domain Control Validated'),),
365 (('commonName', 'hiram02.glofal.com'),)),
366 'subjectAltName': (('DNS', 'hiram02.glofal.com'),
367 ('DNS', 'www.hiram02.glofal.com'),
368 ('DNS', 'alaoes.org'),
369 ('DNS', 'www.alyorkrite.org'),
370 ('DNS', 'www.myalor.org'),
371 ('DNS', 'www.alafreemasonry.org'),
372 ('DNS', 'dothanscottishrite.org'),
373 ('DNS', 'myalor.org'),
374 ('DNS', 'guytsmith883.org'),
375 ('DNS', 'emason.alafreemasonry.org'),
376 ('DNS', 'hiram02.alafreemasonry.org'),
377 ('DNS', 'www.alchip.org'),
378 ('DNS', 'glofal.com'),
379 ('DNS', 'alafreemasonry.org'),
380 ('DNS', 'alabamaiorg.org'),
381 ('DNS', 'www.glofal.com'),
382 ('DNS', 'dev.glofal.com'),
383 ('DNS', 'coosavalleylodge929.org'),
384 ('DNS', 'www.alabamaiorg.org'),
385 ('DNS', 'www.alaoes.org')),
386 'version': 3}
430
431--------------------------------------------------
432[+] Collecting Information Disclosure!
433[#] Detecting sitemap.xml file
434[!] sitemap.xml File Found: https://www.glofal.com/sitemap.xml
435[#] Detecting robots.txt file
436[!] robots.txt File Found: https://www.glofal.com//robots.txt
437[#] Detecting GNU Mailman
438[!] GNU Mailman App Detected: https://www.glofal.com//mailman/admin
439[!] version: 2.1.29
440--------------------------------------------------
441[+] Crawling Url Parameter On: https://www.glofal.com/
442--------------------------------------------------
443[#] Searching Html Form !
444[+] Html Form Discovered
445[#] action: /
446[#] class: None
447[#] id: wpum-submit-login-form
448[#] method: post
449--------------------------------------------------
450[!] Found 14 dom parameter
465--------------------------------------------------
466[!] 15 Internal Dynamic Parameter Discovered
482--------------------------------------------------
483[!] 1 External Dynamic Parameter Discovered
484[#] https://maps.google.com/maps?z=16&q=341%2Bmonument%2Bdrive%2Bmillbrook%2C%2Bal%2B36054
485--------------------------------------------------
486[!] 146 Internal links Discovered
633--------------------------------------------------
634[!] 21 External links Discovered
656--------------------------------------------------
657[#] Mapping Subdomain..
658[!] Found 29 Subdomain
688--------------------------------------------------
689[!] Done At 2020-02-21 11:41:45.991193
690######################################################################################################################################
691Trying "glofal.com"
692;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25666
693;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 2
694
695;; QUESTION SECTION:
696;glofal.com. IN ANY
697
698;; ANSWER SECTION:
699glofal.com. 3600 IN MX 0 glofal-com.mail.protection.outlook.com.
700glofal.com. 14400 IN A 151.106.38.107
701glofal.com. 43200 IN SOA ns01.glofal.com. joel.glofal.com. 2019100112 3600 1800 1209600 86400
702glofal.com. 14400 IN TXT "MS=ms19286565"
703glofal.com. 14400 IN TXT "google-site-verification=ul3Hy_yHjXr2C01cfdRMaQxWNEQmanZjhfhGXhBBdhs"
704glofal.com. 14400 IN TXT "v=spf1 ip4:151.106.38.107 mx a ip4:151.106.38.107 a:spf.protection.outlook.com a:servers.mcsv.net ?all"
705glofal.com. 43200 IN NS ns01.glofal.com.
706glofal.com. 43200 IN NS ns02.glofal.com.
707
708;; ADDITIONAL SECTION:
709ns01.glofal.com. 43200 IN A 151.106.38.107
710ns02.glofal.com. 43200 IN A 151.106.38.107
711
712Received 428 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 161 ms
713######################################################################################################################################
714; <<>> DiG 9.11.14-3-Debian <<>> +trace glofal.com any
715;; global options: +cmd
716. 36486 IN NS k.root-servers.net.
717. 36486 IN NS j.root-servers.net.
718. 36486 IN NS l.root-servers.net.
719. 36486 IN NS h.root-servers.net.
720. 36486 IN NS a.root-servers.net.
721. 36486 IN NS m.root-servers.net.
722. 36486 IN NS e.root-servers.net.
723. 36486 IN NS f.root-servers.net.
724. 36486 IN NS i.root-servers.net.
725. 36486 IN NS g.root-servers.net.
726. 36486 IN NS d.root-servers.net.
727. 36486 IN NS b.root-servers.net.
728. 36486 IN NS c.root-servers.net.
730;; Received 525 bytes from 10.101.0.243#53(10.101.0.243) in 192 ms
731
732com. 172800 IN NS a.gtld-servers.net.
733com. 172800 IN NS b.gtld-servers.net.
734com. 172800 IN NS c.gtld-servers.net.
735com. 172800 IN NS d.gtld-servers.net.
736com. 172800 IN NS e.gtld-servers.net.
737com. 172800 IN NS f.gtld-servers.net.
738com. 172800 IN NS g.gtld-servers.net.
739com. 172800 IN NS h.gtld-servers.net.
740com. 172800 IN NS i.gtld-servers.net.
741com. 172800 IN NS j.gtld-servers.net.
742com. 172800 IN NS k.gtld-servers.net.
743com. 172800 IN NS l.gtld-servers.net.
744com. 172800 IN NS m.gtld-servers.net.
745com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
747;; Received 1170 bytes from 2001:503:c27::2:30#53(j.root-servers.net) in 154 ms
748
749glofal.com. 172800 IN NS ns01.glofal.com.
750glofal.com. 172800 IN NS ns02.glofal.com.
755;; Received 658 bytes from 2001:503:39c1::30#53(i.gtld-servers.net) in 51 ms
756
757glofal.com. 14400 IN TXT "MS=ms19286565"
758glofal.com. 14400 IN TXT "google-site-verification=ul3Hy_yHjXr2C01cfdRMaQxWNEQmanZjhfhGXhBBdhs"
759glofal.com. 14400 IN TXT "v=spf1 ip4:151.106.38.107 mx a ip4:151.106.38.107 a:spf.protection.outlook.com a:servers.mcsv.net ?all"
760glofal.com. 86400 IN SOA ns01.glofal.com. joel.glofal.com. 2019100112 3600 1800 1209600 86400
761glofal.com. 86400 IN NS ns01.glofal.com.
762glofal.com. 86400 IN NS ns02.glofal.com.
763glofal.com. 14400 IN A 151.106.38.107
764glofal.com. 3600 IN MX 0 glofal-com.mail.protection.outlook.com.
765;; Received 467 bytes from 151.106.38.107#53(ns01.glofal.com) in 174 ms
766######################################################################################################################################
767[*] Performing General Enumeration of Domain: glofal.com
768[-] DNSSEC is not configured for glofal.com
769[*] SOA ns01.glofal.com 151.106.38.107
770[*] NS ns01.glofal.com 151.106.38.107
771[*] Bind Version for 151.106.38.107 9.11.4-P2-RedHat-9.11.4-9.P2.el7
772[*] NS ns02.glofal.com 151.106.38.107
773[*] Bind Version for 151.106.38.107 9.11.4-P2-RedHat-9.11.4-9.P2.el7
774[*] MX glofal-com.mail.protection.outlook.com 104.47.44.36
775[*] MX glofal-com.mail.protection.outlook.com 104.47.46.36
776[*] A glofal.com 151.106.38.107
777[*] TXT glofal.com v=spf1 ip4:151.106.38.107 mx a ip4:151.106.38.107 a:spf.protection.outlook.com a:servers.mcsv.net ?all
778[*] TXT glofal.com MS=ms19286565
779[*] TXT glofal.com google-site-verification=ul3Hy_yHjXr2C01cfdRMaQxWNEQmanZjhfhGXhBBdhs
780[*] Enumerating SRV Records
781[*] SRV _sip._tls.glofal.com sipdir.online.lync.com 52.112.193.13 443 1
782[*] SRV _sip._tls.glofal.com sipdir.online.lync.com 2603:1027:0:2::b 443 1
783[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 52.112.194.75 5061 1
784[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:9::b 5061 1
785[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:7::b 5061 1
786[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:3::b 5061 1
787[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:4::b 5061 1
788[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027::b 5061 1
789[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:2::b 5061 1
790[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:8::b 5061 1
791[*] SRV _sipfederationtls._tcp.glofal.com sipfed.online.lync.com 2603:1027:0:5::b 5061 1
792[*] SRV _caldav._tcp.glofal.com hiram02.glofal.com no_ip 2079 0
793[*] SRV _carddav._tcp.glofal.com hiram02.glofal.com no_ip 2079 0
794[*] SRV _carddavs._tcp.glofal.com hiram02.glofal.com no_ip 2080 0
795[*] SRV _caldavs._tcp.glofal.com hiram02.glofal.com no_ip 2080 0
796[*] SRV _autodiscover._tcp.glofal.com cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
797[*] SRV _autodiscover._tcp.glofal.com cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
798[+] 17 Records Found
799#####################################################################################################################################
800 AVAILABLE PLUGINS
801 -----------------
802
803 HeartbleedPlugin
804 OpenSslCipherSuitesPlugin
805 OpenSslCcsInjectionPlugin
806 EarlyDataPlugin
807 RobotPlugin
808 CertificateInfoPlugin
809 SessionRenegotiationPlugin
810 CompressionPlugin
811 SessionResumptionPlugin
812 FallbackScsvPlugin
813 HttpHeadersPlugin
814
815
816
817 CHECKING HOST(S) AVAILABILITY
818 -----------------------------
819
820 151.106.38.107:443 => 151.106.38.107
821
822
823
824
825 SCAN RESULTS FOR 151.106.38.107:443 - 151.106.38.107
826 ----------------------------------------------------
827
828 * Downgrade Attacks:
829 TLS_FALLBACK_SCSV: OK - Supported
830
831 * Certificate Information:
832 Content
833 SHA1 Fingerprint: d1732c8dca2ac3ae72f5bc05edfa8483a77dbe5a
834 Common Name: hiram02.glofal.com
835 Issuer: Go Daddy Secure Certificate Authority - G2
836 Serial Number: 1194376247929745276
837 Not Before: 2019-09-03 19:25:14
838 Not After: 2020-11-02 22:15:01
839 Signature Algorithm: sha256
840 Public Key Algorithm: RSA
841 Key Size: 2048
842 Exponent: 65537 (0x10001)
843 DNS Subject Alternative Names: ['hiram02.glofal.com', 'www.hiram02.glofal.com', 'alaoes.org', 'www.alyorkrite.org', 'www.myalor.org', 'www.alafreemasonry.org', 'dothanscottishrite.org', 'myalor.org', 'guytsmith883.org', 'emason.alafreemasonry.org', 'hiram02.alafreemasonry.org', 'www.alchip.org', 'glofal.com', 'alafreemasonry.org', 'alabamaiorg.org', 'www.glofal.com', 'dev.glofal.com', 'coosavalleylodge929.org', 'www.alabamaiorg.org', 'www.alaoes.org']
844
845 Trust
846 Hostname Validation: FAILED - Certificate does NOT match 151.106.38.107
847 Android CA Store (9.0.0_r9): OK - Certificate is trusted
848 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
849 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
850 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
851 Windows CA Store (2019-05-27): OK - Certificate is trusted
852 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
853 Received Chain: hiram02.glofal.com --> Go Daddy Secure Certificate Authority - G2
854 Verified Chain: hiram02.glofal.com --> Go Daddy Secure Certificate Authority - G2 --> Go Daddy Root Certificate Authority - G2
855 Received Chain Contains Anchor: OK - Anchor certificate not sent
856 Received Chain Order: OK - Order is valid
857 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
858
859 Extensions
860 OCSP Must-Staple: NOT SUPPORTED - Extension not found
861 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
862
863 OCSP Stapling
864 OCSP Response Status: successful
865 Validation w/ Mozilla Store: OK - Response is trusted
866 Responder Id: C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2
867 Cert Status: good
868 Cert Serial Number: 109346DE92042F7C
869 This Update: Feb 21 15:14:19 2020 GMT
870 Next Update: Feb 23 03:14:19 2020 GMT
871
872 * OpenSSL Heartbleed:
873 OK - Not vulnerable to Heartbleed
874
875 * Session Renegotiation:
876 Client-initiated Renegotiation: OK - Rejected
877 Secure Renegotiation: OK - Supported
878
879 * TLSV1_1 Cipher Suites:
880 Server rejected all cipher suites.
881
882 * TLSV1 Cipher Suites:
883 Server rejected all cipher suites.
884
885 * OpenSSL CCS Injection:
886 OK - Not vulnerable to OpenSSL CCS injection
887
888 * SSLV2 Cipher Suites:
889 Server rejected all cipher suites.
890
891 * ROBOT Attack:
892 OK - Not vulnerable, RSA cipher suites not supported
893
894 * TLSV1_3 Cipher Suites:
895 Server rejected all cipher suites.
896
897 * SSLV3 Cipher Suites:
898 Server rejected all cipher suites.
899
900 * Deflate Compression:
901 OK - Compression disabled
902
903 * TLS 1.2 Session Resumption Support:
904 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
905 With TLS Tickets: OK - Supported
906
907 * TLSV1_2 Cipher Suites:
908 Forward Secrecy OK - Supported
909 RC4 OK - Not Supported
910
911 Preferred:
912 None - Server followed client cipher suite preference.
913 Accepted:
914 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
915 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
916 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
917 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
918 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
919
920
921 SCAN COMPLETED IN 15.24 S
922 -------------------------
923#####################################################################################################################################
924Domains still to check: 1
925 Checking if the hostname glofal.com. given is in fact a domain...
926
927Analyzing domain: glofal.com.
928 Checking NameServers using system default resolver...
929 IP: 151.106.38.107 (France)
930 HostName: ns01.glofal.com Type: NS
931 HostName: ns3152160.ip-151-106-38.eu Type: PTR
932 IP: 151.106.38.107 (France)
933 HostName: ns01.glofal.com Type: NS
934 HostName: ns3152160.ip-151-106-38.eu Type: PTR
935 HostName: ns02.glofal.com Type: NS
936
937 Checking MailServers using system default resolver...
938 IP: 104.47.45.36 (United States)
939 HostName: glofal-com.mail.protection.outlook.com Type: MX
940 HostName: mail-co1nam040036.inbound.protection.outlook.com Type: PTR
941 IP: 104.47.44.36 (United States)
942 HostName: glofal-com.mail.protection.outlook.com Type: MX
943 HostName: mail-sn1nam040036.inbound.protection.outlook.com Type: PTR
944
945 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
946 No zone transfer found on nameserver 151.106.38.107
947 No zone transfer found on nameserver 151.106.38.107
948
949 Checking SPF record...
950 New hostname found: spf
951 New hostname found: servers
952
953 Checking 194 most common hostnames using system default resolver...
954 IP: 151.106.38.107 (France)
955 HostName: ns01.glofal.com Type: NS
956 HostName: ns3152160.ip-151-106-38.eu Type: PTR
957 HostName: ns02.glofal.com Type: NS
958 Type: SPF
959 Type: SPF
960 HostName: www.glofal.com. Type: A
961 IP: 151.106.38.107 (France)
962 HostName: ns01.glofal.com Type: NS
963 HostName: ns3152160.ip-151-106-38.eu Type: PTR
964 HostName: ns02.glofal.com Type: NS
965 Type: SPF
966 Type: SPF
967 HostName: www.glofal.com. Type: A
968 HostName: ftp.glofal.com. Type: A
969 IP: 151.106.38.107 (France)
970 HostName: ns01.glofal.com Type: NS
971 HostName: ns3152160.ip-151-106-38.eu Type: PTR
972 HostName: ns02.glofal.com Type: NS
973 Type: SPF
974 Type: SPF
975 HostName: www.glofal.com. Type: A
976 HostName: ftp.glofal.com. Type: A
977 HostName: mail.glofal.com. Type: A
978 IP: 151.106.38.107 (France)
979 HostName: ns01.glofal.com Type: NS
980 HostName: ns3152160.ip-151-106-38.eu Type: PTR
981 HostName: ns02.glofal.com Type: NS
982 Type: SPF
983 Type: SPF
984 HostName: www.glofal.com. Type: A
985 HostName: ftp.glofal.com. Type: A
986 HostName: mail.glofal.com. Type: A
987 HostName: ns1.glofal.com. Type: A
988 IP: 151.106.38.107 (France)
989 HostName: ns01.glofal.com Type: NS
990 HostName: ns3152160.ip-151-106-38.eu Type: PTR
991 HostName: ns02.glofal.com Type: NS
992 Type: SPF
993 Type: SPF
994 HostName: www.glofal.com. Type: A
995 HostName: ftp.glofal.com. Type: A
996 HostName: mail.glofal.com. Type: A
997 HostName: ns1.glofal.com. Type: A
998 HostName: ns2.glofal.com. Type: A
999 IP: 13.107.6.156 (United States)
1000 HostName: webmail.glofal.com. Type: A
1001
1002 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1003 Checking netblock 104.47.44.0
1004 Checking netblock 13.107.6.0
1005 Checking netblock 104.47.45.0
1006 Checking netblock 151.106.38.0
1007
1008 Searching for glofal.com. emails in Google
1009
1010 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1011 Host 104.47.44.36 is up (syn-ack ttl 105)
1012 Host 13.107.6.156 is up (syn-ack ttl 117)
1013 Host 104.47.45.36 is up (syn-ack ttl 105)
1014 Host 151.106.38.107 is up (syn-ack ttl 50)
1015
1016 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1017 Scanning ip 104.47.44.36 (mail-sn1nam040036.inbound.protection.outlook.com (PTR)):
1018 25/tcp open smtp syn-ack ttl 105 Microsoft Exchange smtpd
1019 | smtp-commands: SN1NAM04FT010.mail.protection.outlook.com Hello [45.132.192.30], SIZE 157286400, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, 8BITMIME, BINARYMIME, CHUNKING, SMTPUTF8,
1020 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
1021 | ssl-cert: Subject: commonName=mail.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1022 | Subject Alternative Name: DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com, DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com
1023 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1024 | Public Key type: rsa
1025 | Public Key bits: 2048
1026 | Signature Algorithm: sha256WithRSAEncryption
1027 | Not valid before: 2018-05-18T22:06:55
1028 | Not valid after: 2020-05-18T22:06:55
1029 | MD5: fedc 1f64 4917 777a 5361 1fc9 3a9d 733e
1030 |_SHA-1: 73b8 9750 fa40 6f7d 4f7e 43a9 355a 9d27 1079 e938
1031 |_ssl-date: 2020-02-21T16:49:14+00:00; -1s from scanner time.
1032 OS Info: Service Info: Host: SN1NAM04FT056.mail.protection.outlook.com; OS: Windows; CPE: cpe:/o:microsoft:windows
1033 |_clock-skew: -1s
1034 Scanning ip 13.107.6.156 (webmail.glofal.com.):
1035 80/tcp open upnp syn-ack ttl 117 Microsoft IIS httpd
1036 |_http-title: Site doesn't have a title.
1037 443/tcp open ssl/upnp syn-ack ttl 117 Microsoft IIS httpd
1038 |_http-title: Site doesn't have a title.
1039 | ssl-cert: Subject: commonName=portal.office.com
1040 | Subject Alternative Name: DNS:portal.office.com, DNS:portal.microsoftonline.com, DNS:portalprv.microsoftonline.com, DNS:auth.office.com, DNS:auth.microsoftonline.com, DNS:ncuportalprv.office.com, DNS:ncuauth.office.com, DNS:scuauth.office.com, DNS:weuauth.office.com, DNS:seaauth.office.com, DNS:easauth.office.com, DNS:ncuauthprv.office.com, DNS:scuauthprv.office.com, DNS:wusauthprv.office.com, DNS:office.com, DNS:portal.microsoft.com, DNS:home.office.com, DNS:portal-sdf.office.com, DNS:auth-sdf.office.com, DNS:prod.msocdn.com, DNS:ejpauth.office.com, DNS:eusauth.office.com, DNS:wusauth.office.com, DNS:www.office.com, DNS:*.www.office.com, DNS:nukauth.office.com, DNS:sukauth.office.com, DNS:admin.office.com, DNS:admin.microsoft.com, DNS:admin.microsoft365.com, DNS:www.microsoft365.com, DNS:ntp.www.office.com, DNS:fluid.office.com, DNS:auth-sdf.microsoftonline.com, DNS:microsoft365.com, DNS:word.office.com, DNS:excel.office.com, DNS:powerpoint.office.com, DNS:visio.office.com, DNS:apps.office.com
1041 | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1042 | Public Key type: rsa
1043 | Public Key bits: 2048
1044 | Signature Algorithm: sha256WithRSAEncryption
1045 | Not valid before: 2019-09-04T19:37:13
1046 | Not valid after: 2021-09-04T19:37:13
1047 | MD5: 3a36 c46f b203 99d6 41c6 c652 89de f068
1048 |_SHA-1: b7c7 9d0c 1f14 a50f 774a 4532 1296 edff a4dd fa61
1049 |_ssl-date: 2020-02-21T16:49:55+00:00; -1s from scanner time.
1050 | tls-alpn:
1051 |_ http/1.1
1052 |_clock-skew: -1s
1053 Scanning ip 104.47.45.36 (mail-co1nam040036.inbound.protection.outlook.com (PTR)):
1054 25/tcp open smtp syn-ack ttl 105 Microsoft Exchange smtpd
1055 | smtp-commands: CO1NAM04FT050.mail.protection.outlook.com Hello [45.132.192.30], SIZE 157286400, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, 8BITMIME, BINARYMIME, CHUNKING, SMTPUTF8,
1056 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
1057 | ssl-cert: Subject: commonName=mail.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1058 | Subject Alternative Name: DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com, DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com
1059 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1060 | Public Key type: rsa
1061 | Public Key bits: 2048
1062 | Signature Algorithm: sha256WithRSAEncryption
1063 | Not valid before: 2018-05-18T22:06:55
1064 | Not valid after: 2020-05-18T22:06:55
1065 | MD5: fedc 1f64 4917 777a 5361 1fc9 3a9d 733e
1066 |_SHA-1: 73b8 9750 fa40 6f7d 4f7e 43a9 355a 9d27 1079 e938
1067 |_ssl-date: 2020-02-21T16:50:20+00:00; -2s from scanner time.
1068 OS Info: Service Info: Host: CO1NAM04FT053.mail.protection.outlook.com; OS: Windows; CPE: cpe:/o:microsoft:windows
1069 |_clock-skew: -2s
1070 Scanning ip 151.106.38.107 (ns2.glofal.com.):
1071 21/tcp open ftp syn-ack ttl 50 Pure-FTPd
1072 | ssl-cert: Subject: commonName=hiram04.glofal.com
1073 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1074 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1075 | Public Key type: rsa
1076 | Public Key bits: 2048
1077 | Signature Algorithm: sha256WithRSAEncryption
1078 | Not valid before: 2019-10-01T00:00:00
1079 | Not valid after: 2020-09-30T23:59:59
1080 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1081 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1082 |_ssl-date: TLS randomness does not represent time
1083 22/tcp open ssh syn-ack ttl 50 OpenSSH 7.4 (protocol 2.0)
1084 25/tcp open smtp? syn-ack ttl 50
1085 |_smtp-commands: Couldn't establish connection on port 25
1086 53/tcp open domain syn-ack ttl 50 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
1087 | dns-nsid:
1088 |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
1089 80/tcp open http syn-ack ttl 50 Apache httpd
1090 | http-methods:
1091 |_ Supported Methods: POST OPTIONS HEAD GET
1092 |_http-server-header: Apache
1093 |_http-title: Site doesn't have a title (text/html).
1094 110/tcp open pop3 syn-ack ttl 50 Dovecot pop3d
1095 |_pop3-capabilities: SASL(PLAIN LOGIN) AUTH-RESP-CODE TOP CAPA UIDL PIPELINING STLS USER RESP-CODES
1096 | ssl-cert: Subject: commonName=hiram04.glofal.com
1097 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1098 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1099 | Public Key type: rsa
1100 | Public Key bits: 2048
1101 | Signature Algorithm: sha256WithRSAEncryption
1102 | Not valid before: 2019-10-01T00:00:00
1103 | Not valid after: 2020-09-30T23:59:59
1104 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1105 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1106 111/tcp open rpcbind syn-ack ttl 50 2-4 (RPC #100000)
1107 | rpcinfo:
1108 | program version port/proto service
1109 | 100000 2,3,4 111/tcp rpcbind
1110 | 100000 2,3,4 111/udp rpcbind
1111 | 100000 3,4 111/tcp6 rpcbind
1112 |_ 100000 3,4 111/udp6 rpcbind
1113 143/tcp open imap syn-ack ttl 50 Dovecot imapd
1114 |_imap-capabilities: STARTTLS NAMESPACE capabilities SASL-IR AUTH=PLAIN listed IDLE LOGIN-REFERRALS IMAP4rev1 LITERAL+ OK Pre-login have post-login ENABLE AUTH=LOGINA0001 more ID
1115 | ssl-cert: Subject: commonName=hiram04.glofal.com
1116 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1117 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1118 | Public Key type: rsa
1119 | Public Key bits: 2048
1120 | Signature Algorithm: sha256WithRSAEncryption
1121 | Not valid before: 2019-10-01T00:00:00
1122 | Not valid after: 2020-09-30T23:59:59
1123 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1124 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1125 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
1126 | http-methods:
1127 |_ Supported Methods: GET HEAD POST OPTIONS
1128 |_http-server-header: Apache
1129 |_http-title: Alabama: International Order of the Rainbow for Girls
1130 | ssl-cert: Subject: commonName=hiram02.glofal.com
1131 | Subject Alternative Name: DNS:hiram02.glofal.com, DNS:www.hiram02.glofal.com, DNS:alaoes.org, DNS:www.alyorkrite.org, DNS:www.myalor.org, DNS:www.alafreemasonry.org, DNS:dothanscottishrite.org, DNS:myalor.org, DNS:guytsmith883.org, DNS:emason.alafreemasonry.org, DNS:hiram02.alafreemasonry.org, DNS:www.alchip.org, DNS:glofal.com, DNS:alafreemasonry.org, DNS:alabamaiorg.org, DNS:www.glofal.com, DNS:dev.glofal.com, DNS:coosavalleylodge929.org, DNS:www.alabamaiorg.org, DNS:www.alaoes.org
1132 | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
1133 | Public Key type: rsa
1134 | Public Key bits: 2048
1135 | Signature Algorithm: sha256WithRSAEncryption
1136 | Not valid before: 2019-09-03T19:25:14
1137 | Not valid after: 2020-11-02T22:15:01
1138 | MD5: 9172 45b3 e671 fd04 d692 4cf9 9073 b63c
1139 |_SHA-1: d173 2c8d ca2a c3ae 72f5 bc05 edfa 8483 a77d be5a
1140 465/tcp open ssl/smtp syn-ack ttl 50 Exim smtpd 4.92
1141 | smtp-commands: hiram04.glofal.com Hello nmap.scanme.org [45.132.192.30], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1142 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1143 | ssl-cert: Subject: commonName=hiram04.glofal.com
1144 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1145 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1146 | Public Key type: rsa
1147 | Public Key bits: 2048
1148 | Signature Algorithm: sha256WithRSAEncryption
1149 | Not valid before: 2019-10-01T00:00:00
1150 | Not valid after: 2020-09-30T23:59:59
1151 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1152 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1153 587/tcp open smtp syn-ack ttl 50 Exim smtpd 4.92
1154 | smtp-commands: hiram04.glofal.com Hello nmap.scanme.org [45.132.192.30], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1155 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1156 | ssl-cert: Subject: commonName=hiram04.glofal.com
1157 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1158 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1159 | Public Key type: rsa
1160 | Public Key bits: 2048
1161 | Signature Algorithm: sha256WithRSAEncryption
1162 | Not valid before: 2019-10-01T00:00:00
1163 | Not valid after: 2020-09-30T23:59:59
1164 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1165 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1166 993/tcp open imaps? syn-ack ttl 50
1167 |_imap-capabilities: NAMESPACE capabilities SASL-IR AUTH=PLAIN listed IDLE LOGIN-REFERRALS IMAP4rev1 LITERAL+ OK Pre-login have post-login ENABLE AUTH=LOGINA0001 more ID
1168 | ssl-cert: Subject: commonName=hiram04.glofal.com
1169 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1170 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1171 | Public Key type: rsa
1172 | Public Key bits: 2048
1173 | Signature Algorithm: sha256WithRSAEncryption
1174 | Not valid before: 2019-10-01T00:00:00
1175 | Not valid after: 2020-09-30T23:59:59
1176 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1177 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1178 995/tcp open pop3s? syn-ack ttl 50
1179 |_pop3-capabilities: AUTH-RESP-CODE UIDL CAPA SASL(PLAIN LOGIN) PIPELINING RESP-CODES USER TOP
1180 | ssl-cert: Subject: commonName=hiram04.glofal.com
1181 | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1182 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1183 | Public Key type: rsa
1184 | Public Key bits: 2048
1185 | Signature Algorithm: sha256WithRSAEncryption
1186 | Not valid before: 2019-10-01T00:00:00
1187 | Not valid after: 2020-09-30T23:59:59
1188 | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1189 |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1190 3306/tcp open mysql syn-ack ttl 50 MySQL 5.7.29
1191 | mysql-info:
1192 | Protocol: 10
1193 | Version: 5.7.29
1194 | Thread ID: 468032
1195 | Capabilities flags: 65535
1196 | Some Capabilities: FoundRows, Support41Auth, Speaks41ProtocolOld, IgnoreSpaceBeforeParenthesis, LongPassword, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSigpipes, InteractiveClient, SupportsTransactions, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, ODBCClient, SupportsCompression, LongColumnFlag, ConnectWithDatabase, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
1197 | Status: Autocommit
1198 | Salt: &5\x02\x14\x1C\x0E,,2@\x01i6\x1A\x0Fg;Nx\x15
1199 |_ Auth Plugin Name: mysql_native_password
1200 OS Info: Service Info: Host: hiram04.glofal.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1201 WebCrawling domain's web servers... up to 50 max links.
1202
1203 + URL to crawl: http://webmail.glofal.com.
1204 + Date: 2020-02-21
1205
1206 + Crawling URL: http://webmail.glofal.com.:
1207 + Links:
1208 + Crawling http://webmail.glofal.com. (400 Bad Request)
1209 + Searching for directories...
1210 + Searching open folders...
1211
1212
1213 + URL to crawl: http://webmail.glofal.com.:443
1214 + Date: 2020-02-21
1215
1216 + Crawling URL: http://webmail.glofal.com.:443:
1217 + Links:
1218 + Crawling http://webmail.glofal.com.:443
1219 + Searching for directories...
1220 + Searching open folders...
1221
1222
1223 + URL to crawl: http://www.glofal.com.
1224 + Date: 2020-02-21
1225
1226 + Crawling URL: http://www.glofal.com.:
1227 + Links:
1228 + Crawling http://www.glofal.com.
1229 + Crawling http://www.glofal.com./ajax.googleapis.com (404 Not Found)
1230 + Crawling http://www.glofal.com./secure.gravatar.com (404 Not Found)
1231 + Crawling http://www.glofal.com./stats.wp.com (404 Not Found)
1232 + Crawling http://www.glofal.com./s.w.org (timed out)
1233 + Crawling http://www.glofal.com./ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js?ver=1.4.7 (timed out)
1234 + Crawling http://www.glofal.com./i0.wp.com (timed out)
1235 + Crawling http://www.glofal.com./i1.wp.com (timed out)
1236 + Crawling http://www.glofal.com./i2.wp.com (timed out)
1237 + Crawling http://www.glofal.com./c0.wp.com (timed out)
1238 + Crawling http://www.glofal.com./events (timed out)
1239 + Crawling http://www.glofal.com./events/newevent/ (timed out)
1240 + Crawling http://www.glofal.com./emasons (timed out)
1241 + Crawling http://www.glofal.com./pinterest.com/pin/create/button/?url=https%3A%2F%2Fwww.glofal.com%2F&media=&description=Main+frontpage (timed out)
1242 + Crawling http://www.glofal.com./ (timed out)
1243 + Searching for directories...
1244 - Found: http://www.glofal.com./ajax.googleapis.com/
1245 - Found: http://www.glofal.com./ajax.googleapis.com/ajax/
1246 - Found: http://www.glofal.com./ajax.googleapis.com/ajax/libs/
1247 - Found: http://www.glofal.com./ajax.googleapis.com/ajax/libs/webfont/
1248 - Found: http://www.glofal.com./ajax.googleapis.com/ajax/libs/webfont/1.4.7/
1249 - Found: http://www.glofal.com./events/
1250 - Found: http://www.glofal.com./events/newevent/
1251 - Found: http://www.glofal.com./pinterest.com/
1252 - Found: http://www.glofal.com./pinterest.com/pin/
1253 - Found: http://www.glofal.com./pinterest.com/pin/create/
1254 - Found: http://www.glofal.com./pinterest.com/pin/create/button/
1255 - Found: http://www.glofal.com./assets.pinterest.com/
1256 - Found: http://www.glofal.com./assets.pinterest.com/images/
1257 - Found: http://www.glofal.com./assets.pinterest.com/images/pidgets/
1258 + Searching open folders...
1259 - http://www.glofal.com./ajax.googleapis.com/ (timed out)
1260 > Problems in searching for open folders or crawling again the folders with indexing.
1261
1262 + Crawl finished successfully.
1263----------------------------------------------------------------------
1264Summary of http://http://www.glofal.com.
1265----------------------------------------------------------------------
1266+ Links crawled:
1267 - http://www.glofal.com.
1268 - http://www.glofal.com./ (timed out)
1269 - http://www.glofal.com./ajax.googleapis.com (404 Not Found)
1270 - http://www.glofal.com./ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js?ver=1.4.7 (timed out)
1271 - http://www.glofal.com./c0.wp.com (timed out)
1272 - http://www.glofal.com./emasons (timed out)
1273 - http://www.glofal.com./events (timed out)
1274 - http://www.glofal.com./events/newevent/ (timed out)
1275 - http://www.glofal.com./i0.wp.com (timed out)
1276 - http://www.glofal.com./i1.wp.com (timed out)
1277 - http://www.glofal.com./i2.wp.com (timed out)
1278 - http://www.glofal.com./pinterest.com/pin/create/button/?url=https%3A%2F%2Fwww.glofal.com%2F&media=&description=Main+frontpage (timed out)
1279 - http://www.glofal.com./s.w.org (timed out)
1280 - http://www.glofal.com./secure.gravatar.com (404 Not Found)
1281 - http://www.glofal.com./stats.wp.com (404 Not Found)
1282 Total links crawled: 15
1283
1284+ Links to files found:
1285 - http://www.glofal.com./assets.pinterest.com/images/pidgets/pin_it_button.png
1286 Total links to files: 1
1287
1288+ Externals links found:
1459 Total external links: 170
1460
1461+ Email addresses found:
1462 Total email address found: 0
1463
1464+ Directories found:
1479 Total directories: 14
1480
1481+ Directory indexing found:
1482 Total directories with indexing: 0
1483
1484----------------------------------------------------------------------
1485
1486
1487 + URL to crawl: http://ns01.glofal.com
1488 + Date: 2020-02-21
1489
1490 + Crawling URL: http://ns01.glofal.com:
1491 + Links:
1492 + Crawling http://ns01.glofal.com (timed out)
1493 + Searching for directories...
1494 + Searching open folders...
1495
1496
1497 + URL to crawl: http://mail.glofal.com.
1498 + Date: 2020-02-21
1499
1500 + Crawling URL: http://mail.glofal.com.:
1501 + Links:
1502 + Crawling http://mail.glofal.com. (timed out)
1503 + Searching for directories...
1504 + Searching open folders...
1505
1506
1507 + URL to crawl: http://ns2.glofal.com.
1508 + Date: 2020-02-21
1509
1510 + Crawling URL: http://ns2.glofal.com.:
1511 + Links:
1512 + Crawling http://ns2.glofal.com. (timed out)
1513 + Searching for directories...
1514 + Searching open folders...
1515
1516
1517 + URL to crawl: http://ftp.glofal.com.
1518 + Date: 2020-02-21
1519
1520 + Crawling URL: http://ftp.glofal.com.:
1521 + Links:
1522 + Crawling http://ftp.glofal.com. (timed out)
1523 + Searching for directories...
1524 + Searching open folders...
1525
1526
1527 + URL to crawl: http://ns02.glofal.com
1528 + Date: 2020-02-21
1529
1530 + Crawling URL: http://ns02.glofal.com:
1531 + Links:
1532 + Crawling http://ns02.glofal.com (timed out)
1533 + Searching for directories...
1534 + Searching open folders...
1535
1536
1537 + URL to crawl: http://ns1.glofal.com.
1538 + Date: 2020-02-21
1539
1540 + Crawling URL: http://ns1.glofal.com.:
1541 + Links:
1542 + Crawling http://ns1.glofal.com. (timed out)
1543 + Searching for directories...
1544 + Searching open folders...
1545
1546
1547 + URL to crawl: https://www.glofal.com.
1548 + Date: 2020-02-21
1549
1550 + Crawling URL: https://www.glofal.com.:
1551 + Links:
1552 + Crawling https://www.glofal.com. (timed out)
1553 + Searching for directories...
1554 + Searching open folders...
1555
1556
1557 + URL to crawl: https://ns01.glofal.com
1558 + Date: 2020-02-21
1559
1560 + Crawling URL: https://ns01.glofal.com:
1561 + Links:
1562 + Crawling https://ns01.glofal.com (timed out)
1563 + Searching for directories...
1564 + Searching open folders...
1565
1566
1567 + URL to crawl: https://mail.glofal.com.
1568 + Date: 2020-02-21
1569
1570 + Crawling URL: https://mail.glofal.com.:
1571 + Links:
1572 + Crawling https://mail.glofal.com. (timed out)
1573 + Searching for directories...
1574 + Searching open folders...
1575
1576
1577 + URL to crawl: https://ns2.glofal.com.
1578 + Date: 2020-02-21
1579
1580 + Crawling URL: https://ns2.glofal.com.:
1581 + Links:
1582 + Crawling https://ns2.glofal.com. (timed out)
1583 + Searching for directories...
1584 + Searching open folders...
1585
1586
1587 + URL to crawl: https://ftp.glofal.com.
1588 + Date: 2020-02-21
1589
1590 + Crawling URL: https://ftp.glofal.com.:
1591 + Links:
1592 + Crawling https://ftp.glofal.com. (timed out)
1593 + Searching for directories...
1594 + Searching open folders...
1595
1596
1597 + URL to crawl: https://ns02.glofal.com
1598 + Date: 2020-02-21
1599
1600 + Crawling URL: https://ns02.glofal.com:
1601 + Links:
1602 + Crawling https://ns02.glofal.com (timed out)
1603 + Searching for directories...
1604 + Searching open folders...
1605
1606
1607 + URL to crawl: https://ns1.glofal.com.
1608 + Date: 2020-02-21
1609
1610 + Crawling URL: https://ns1.glofal.com.:
1611 + Links:
1612 + Crawling https://ns1.glofal.com. (timed out)
1613 + Searching for directories...
1614 + Searching open folders...
1615
1616--Finished--
1617Summary information for domain glofal.com.
1618-----------------------------------------
1619
1620 Domain Ips Information:
1621 IP: 104.47.44.36
1622 HostName: glofal-com.mail.protection.outlook.com Type: MX
1623 HostName: mail-sn1nam040036.inbound.protection.outlook.com Type: PTR
1624 Country: United States
1625 Is Active: True (syn-ack ttl 105)
1626 Port: 25/tcp open smtp syn-ack ttl 105 Microsoft Exchange smtpd
1627 Script Info: | smtp-commands: SN1NAM04FT010.mail.protection.outlook.com Hello [45.132.192.30], SIZE 157286400, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, 8BITMIME, BINARYMIME, CHUNKING, SMTPUTF8,
1628 Script Info: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
1629 Script Info: | ssl-cert: Subject: commonName=mail.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1630 Script Info: | Subject Alternative Name: DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com, DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com
1631 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1632 Script Info: | Public Key type: rsa
1633 Script Info: | Public Key bits: 2048
1634 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1635 Script Info: | Not valid before: 2018-05-18T22:06:55
1636 Script Info: | Not valid after: 2020-05-18T22:06:55
1637 Script Info: | MD5: fedc 1f64 4917 777a 5361 1fc9 3a9d 733e
1638 Script Info: |_SHA-1: 73b8 9750 fa40 6f7d 4f7e 43a9 355a 9d27 1079 e938
1639 Script Info: |_ssl-date: 2020-02-21T16:49:14+00:00; -1s from scanner time.
1640 Os Info: Host: SN1NAM04FT056.mail.protection.outlook.com; OS: Windows; CPE: cpe:/o:microsoft:windows
1641 Script Info: |_clock-skew: -1s
1642 IP: 13.107.6.156
1643 HostName: webmail.glofal.com. Type: A
1644 Country: United States
1645 Is Active: True (syn-ack ttl 117)
1646 Port: 80/tcp open upnp syn-ack ttl 117 Microsoft IIS httpd
1647 Script Info: |_http-title: Site doesn't have a title.
1648 Port: 443/tcp open ssl/upnp syn-ack ttl 117 Microsoft IIS httpd
1649 Script Info: |_http-title: Site doesn't have a title.
1650 Script Info: | ssl-cert: Subject: commonName=portal.office.com
1651 Script Info: | Subject Alternative Name: DNS:portal.office.com, DNS:portal.microsoftonline.com, DNS:portalprv.microsoftonline.com, DNS:auth.office.com, DNS:auth.microsoftonline.com, DNS:ncuportalprv.office.com, DNS:ncuauth.office.com, DNS:scuauth.office.com, DNS:weuauth.office.com, DNS:seaauth.office.com, DNS:easauth.office.com, DNS:ncuauthprv.office.com, DNS:scuauthprv.office.com, DNS:wusauthprv.office.com, DNS:office.com, DNS:portal.microsoft.com, DNS:home.office.com, DNS:portal-sdf.office.com, DNS:auth-sdf.office.com, DNS:prod.msocdn.com, DNS:ejpauth.office.com, DNS:eusauth.office.com, DNS:wusauth.office.com, DNS:www.office.com, DNS:*.www.office.com, DNS:nukauth.office.com, DNS:sukauth.office.com, DNS:admin.office.com, DNS:admin.microsoft.com, DNS:admin.microsoft365.com, DNS:www.microsoft365.com, DNS:ntp.www.office.com, DNS:fluid.office.com, DNS:auth-sdf.microsoftonline.com, DNS:microsoft365.com, DNS:word.office.com, DNS:excel.office.com, DNS:powerpoint.office.com, DNS:visio.office.com, DNS:apps.office.com
1652 Script Info: | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1653 Script Info: | Public Key type: rsa
1654 Script Info: | Public Key bits: 2048
1655 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1656 Script Info: | Not valid before: 2019-09-04T19:37:13
1657 Script Info: | Not valid after: 2021-09-04T19:37:13
1658 Script Info: | MD5: 3a36 c46f b203 99d6 41c6 c652 89de f068
1659 Script Info: |_SHA-1: b7c7 9d0c 1f14 a50f 774a 4532 1296 edff a4dd fa61
1660 Script Info: |_ssl-date: 2020-02-21T16:49:55+00:00; -1s from scanner time.
1661 Script Info: | tls-alpn:
1662 Script Info: |_ http/1.1
1663 Script Info: |_clock-skew: -1s
1664 IP: 104.47.45.36
1665 HostName: glofal-com.mail.protection.outlook.com Type: MX
1666 HostName: mail-co1nam040036.inbound.protection.outlook.com Type: PTR
1667 Country: United States
1668 Is Active: True (syn-ack ttl 105)
1669 Port: 25/tcp open smtp syn-ack ttl 105 Microsoft Exchange smtpd
1670 Script Info: | smtp-commands: CO1NAM04FT050.mail.protection.outlook.com Hello [45.132.192.30], SIZE 157286400, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, 8BITMIME, BINARYMIME, CHUNKING, SMTPUTF8,
1671 Script Info: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
1672 Script Info: | ssl-cert: Subject: commonName=mail.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1673 Script Info: | Subject Alternative Name: DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com, DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com
1674 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1675 Script Info: | Public Key type: rsa
1676 Script Info: | Public Key bits: 2048
1677 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1678 Script Info: | Not valid before: 2018-05-18T22:06:55
1679 Script Info: | Not valid after: 2020-05-18T22:06:55
1680 Script Info: | MD5: fedc 1f64 4917 777a 5361 1fc9 3a9d 733e
1681 Script Info: |_SHA-1: 73b8 9750 fa40 6f7d 4f7e 43a9 355a 9d27 1079 e938
1682 Script Info: |_ssl-date: 2020-02-21T16:50:20+00:00; -2s from scanner time.
1683 Os Info: Host: CO1NAM04FT053.mail.protection.outlook.com; OS: Windows; CPE: cpe:/o:microsoft:windows
1684 Script Info: |_clock-skew: -2s
1685 IP: 151.106.38.107
1686 HostName: ns01.glofal.com Type: NS
1687 HostName: ns3152160.ip-151-106-38.eu Type: PTR
1688 HostName: ns02.glofal.com Type: NS
1689 Type: SPF
1690 Type: SPF
1691 HostName: www.glofal.com. Type: A
1692 HostName: ftp.glofal.com. Type: A
1693 HostName: mail.glofal.com. Type: A
1694 HostName: ns1.glofal.com. Type: A
1695 HostName: ns2.glofal.com. Type: A
1696 Country: France
1697 Is Active: True (syn-ack ttl 50)
1698 Port: 21/tcp open ftp syn-ack ttl 50 Pure-FTPd
1699 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1700 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1701 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1702 Script Info: | Public Key type: rsa
1703 Script Info: | Public Key bits: 2048
1704 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1705 Script Info: | Not valid before: 2019-10-01T00:00:00
1706 Script Info: | Not valid after: 2020-09-30T23:59:59
1707 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1708 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1709 Script Info: |_ssl-date: TLS randomness does not represent time
1710 Port: 22/tcp open ssh syn-ack ttl 50 OpenSSH 7.4 (protocol 2.0)
1711 Port: 25/tcp open smtp? syn-ack ttl 50
1712 Script Info: |_smtp-commands: Couldn't establish connection on port 25
1713 Port: 53/tcp open domain syn-ack ttl 50 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
1714 Script Info: | dns-nsid:
1715 Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
1716 Port: 80/tcp open http syn-ack ttl 50 Apache httpd
1717 Script Info: | http-methods:
1718 Script Info: |_ Supported Methods: POST OPTIONS HEAD GET
1719 Script Info: |_http-server-header: Apache
1720 Script Info: |_http-title: Site doesn't have a title (text/html).
1721 Port: 110/tcp open pop3 syn-ack ttl 50 Dovecot pop3d
1722 Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) AUTH-RESP-CODE TOP CAPA UIDL PIPELINING STLS USER RESP-CODES
1723 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1724 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1725 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1726 Script Info: | Public Key type: rsa
1727 Script Info: | Public Key bits: 2048
1728 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1729 Script Info: | Not valid before: 2019-10-01T00:00:00
1730 Script Info: | Not valid after: 2020-09-30T23:59:59
1731 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1732 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1733 Port: 111/tcp open rpcbind syn-ack ttl 50 2-4 (RPC #100000)
1734 Script Info: | rpcinfo:
1735 Script Info: | program version port/proto service
1736 Script Info: | 100000 2,3,4 111/tcp rpcbind
1737 Script Info: | 100000 2,3,4 111/udp rpcbind
1738 Script Info: | 100000 3,4 111/tcp6 rpcbind
1739 Script Info: |_ 100000 3,4 111/udp6 rpcbind
1740 Port: 143/tcp open imap syn-ack ttl 50 Dovecot imapd
1741 Script Info: |_imap-capabilities: STARTTLS NAMESPACE capabilities SASL-IR AUTH=PLAIN listed IDLE LOGIN-REFERRALS IMAP4rev1 LITERAL+ OK Pre-login have post-login ENABLE AUTH=LOGINA0001 more ID
1742 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1743 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1744 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1745 Script Info: | Public Key type: rsa
1746 Script Info: | Public Key bits: 2048
1747 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1748 Script Info: | Not valid before: 2019-10-01T00:00:00
1749 Script Info: | Not valid after: 2020-09-30T23:59:59
1750 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1751 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1752 Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
1753 Script Info: | http-methods:
1754 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1755 Script Info: |_http-server-header: Apache
1756 Script Info: |_http-title: Alabama: International Order of the Rainbow for Girls
1757 Script Info: | ssl-cert: Subject: commonName=hiram02.glofal.com
1758 Script Info: | Subject Alternative Name: DNS:hiram02.glofal.com, DNS:www.hiram02.glofal.com, DNS:alaoes.org, DNS:www.alyorkrite.org, DNS:www.myalor.org, DNS:www.alafreemasonry.org, DNS:dothanscottishrite.org, DNS:myalor.org, DNS:guytsmith883.org, DNS:emason.alafreemasonry.org, DNS:hiram02.alafreemasonry.org, DNS:www.alchip.org, DNS:glofal.com, DNS:alafreemasonry.org, DNS:alabamaiorg.org, DNS:www.glofal.com, DNS:dev.glofal.com, DNS:coosavalleylodge929.org, DNS:www.alabamaiorg.org, DNS:www.alaoes.org
1759 Script Info: | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
1760 Script Info: | Public Key type: rsa
1761 Script Info: | Public Key bits: 2048
1762 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1763 Script Info: | Not valid before: 2019-09-03T19:25:14
1764 Script Info: | Not valid after: 2020-11-02T22:15:01
1765 Script Info: | MD5: 9172 45b3 e671 fd04 d692 4cf9 9073 b63c
1766 Script Info: |_SHA-1: d173 2c8d ca2a c3ae 72f5 bc05 edfa 8483 a77d be5a
1767 Port: 465/tcp open ssl/smtp syn-ack ttl 50 Exim smtpd 4.92
1768 Script Info: | smtp-commands: hiram04.glofal.com Hello nmap.scanme.org [45.132.192.30], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1769 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1770 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1771 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1772 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1773 Script Info: | Public Key type: rsa
1774 Script Info: | Public Key bits: 2048
1775 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1776 Script Info: | Not valid before: 2019-10-01T00:00:00
1777 Script Info: | Not valid after: 2020-09-30T23:59:59
1778 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1779 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1780 Port: 587/tcp open smtp syn-ack ttl 50 Exim smtpd 4.92
1781 Script Info: | smtp-commands: hiram04.glofal.com Hello nmap.scanme.org [45.132.192.30], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1782 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1783 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1784 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1785 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1786 Script Info: | Public Key type: rsa
1787 Script Info: | Public Key bits: 2048
1788 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1789 Script Info: | Not valid before: 2019-10-01T00:00:00
1790 Script Info: | Not valid after: 2020-09-30T23:59:59
1791 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1792 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1793 Port: 993/tcp open imaps? syn-ack ttl 50
1794 Script Info: |_imap-capabilities: NAMESPACE capabilities SASL-IR AUTH=PLAIN listed IDLE LOGIN-REFERRALS IMAP4rev1 LITERAL+ OK Pre-login have post-login ENABLE AUTH=LOGINA0001 more ID
1795 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1796 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1797 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1798 Script Info: | Public Key type: rsa
1799 Script Info: | Public Key bits: 2048
1800 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1801 Script Info: | Not valid before: 2019-10-01T00:00:00
1802 Script Info: | Not valid after: 2020-09-30T23:59:59
1803 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1804 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1805 Port: 995/tcp open pop3s? syn-ack ttl 50
1806 Script Info: |_pop3-capabilities: AUTH-RESP-CODE UIDL CAPA SASL(PLAIN LOGIN) PIPELINING RESP-CODES USER TOP
1807 Script Info: | ssl-cert: Subject: commonName=hiram04.glofal.com
1808 Script Info: | Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
1809 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1810 Script Info: | Public Key type: rsa
1811 Script Info: | Public Key bits: 2048
1812 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1813 Script Info: | Not valid before: 2019-10-01T00:00:00
1814 Script Info: | Not valid after: 2020-09-30T23:59:59
1815 Script Info: | MD5: f633 a009 ea5e dcc1 e31d bf2c 47c9 85c9
1816 Script Info: |_SHA-1: e90b c47a 3c76 7eb1 1579 18b1 209b 6719 953c 9937
1817 Port: 3306/tcp open mysql syn-ack ttl 50 MySQL 5.7.29
1818 Script Info: | mysql-info:
1819 Script Info: | Protocol: 10
1820 Script Info: | Version: 5.7.29
1821 Script Info: | Thread ID: 468032
1822 Script Info: | Capabilities flags: 65535
1823 Script Info: | Some Capabilities: FoundRows, Support41Auth, Speaks41ProtocolOld, IgnoreSpaceBeforeParenthesis, LongPassword, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSigpipes, InteractiveClient, SupportsTransactions, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, ODBCClient, SupportsCompression, LongColumnFlag, ConnectWithDatabase, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
1824 Script Info: | Status: Autocommit
1825 Script Info: | Salt: &5\x02\x14\x1C\x0E,,2@\x01i6\x1A\x0Fg;Nx\x15
1826 Script Info: |_ Auth Plugin Name: mysql_native_password
1827 Os Info: Host: hiram04.glofal.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1828
1829--------------End Summary --------------
1830-----------------------------------------
1831#####################################################################################################################################
1832traceroute to www.glofal.com (151.106.38.107), 30 hops max, 60 byte packets
1833 1 _gateway (10.203.28.1) 129.469 ms 129.475 ms 129.610 ms
1834 2 * * *
1835 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 137.101 ms 137.291 ms 137.465 ms
1836 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 135.790 ms 135.825 ms 135.776 ms
1837 5 be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 140.456 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 140.404 ms 140.336 ms
1838 6 be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102) 151.723 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161) 149.750 ms 149.747 ms
1839 7 be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129) 161.133 ms 160.703 ms 161.072 ms
1840 8 be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38) 160.969 ms 161.030 ms 161.017 ms
1841 9 * * *
184210 be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193) 172.605 ms 172.544 ms 171.430 ms
184311 fra-fr5-sbb2-nc5.de.eu (54.36.50.116) 181.199 ms 179.985 ms 184.791 ms
184412 be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247) 179.486 ms 179.400 ms 179.471 ms
184513 * * *
184614 * * *
184715 * * *
184816 * * *
184917 ns3152160.ip-151-106-38.eu (151.106.38.107) 181.798 ms 180.905 ms 180.916 ms
1850#####################################################################################################################################
1851----- glofal.com -----
1852
1853
1854Host's addresses:
1855__________________
1856
1857glofal.com. 13202 IN A 151.106.38.107
1858
1859
1860Name Servers:
1861______________
1862
1863ns02.glofal.com. 14400 IN A 151.106.38.107
1864ns01.glofal.com. 14400 IN A 151.106.38.107
1865
1866
1867Mail (MX) Servers:
1868___________________
1869
1870glofal-com.mail.protection.outlook.com. 10 IN A 104.47.44.36
1871glofal-com.mail.protection.outlook.com. 10 IN A 104.47.45.36
1872
1873
1874Google Results:
1875________________
1876
1877dev9.glofal.com. 14400 IN A 151.106.38.107
1878dev3.glofal.com. 14400 IN A 151.106.38.107
1879
1880
1881Brute forcing with /usr/share/dnsenum/dns.txt:
1882_______________________________________________
1883
1884ftp.glofal.com. 14400 IN A 151.106.38.107
1885mail.glofal.com. 14242 IN CNAME glofal.com.
1886glofal.com. 14230 IN A 151.106.38.107
1887ns01.glofal.com. 14352 IN A 151.106.38.107
1888ns02.glofal.com. 12750 IN A 151.106.38.107
1889ns1.glofal.com. 14400 IN A 151.106.38.107
1890ns2.glofal.com. 14400 IN A 151.106.38.107
1891ns3.glofal.com. 14400 IN A 151.106.38.107
1892portal.glofal.com. 14400 IN CNAME portal.office.com.
1893portal.office.com. 1812 IN CNAME geo.portal.office.akadns.net.
1894geo.portal.office.akadns.net. 300 IN CNAME (
1895nonus_edge.portal.office.akadns.net. 300 IN CNAME (
1896portal-office365-com.b-0004.b-msedge.net. 240 IN CNAME b-0004.b-msedge.net.
1897b-0004.b-msedge.net. 80 IN A 13.107.6.156
1898webmail.glofal.com. 14400 IN CNAME portal.office.com.
1899portal.office.com. 3168 IN CNAME geo.portal.office.akadns.net.
1900geo.portal.office.akadns.net. 22 IN CNAME (
1901nonus_edge.portal.office.akadns.net. 22 IN CNAME (
1902portal-office365-com.b-0004.b-msedge.net. 48 IN CNAME b-0004.b-msedge.net.
1903b-0004.b-msedge.net. 48 IN A 13.107.6.156
1904www.glofal.com. 14364 IN CNAME glofal.com.
1905glofal.com. 13961 IN A 151.106.38.107
1906
1907
1908Launching Whois Queries:
1909_________________________
1910
1911 whois ip result: 151.106.38.0 -> 151.106.32.0/20
1912
1913
1914glofal.com__________
1915
1916 151.106.32.0/20
1917#####################################################################################################################################
1918dnsenum VERSION:1.2.6
1919
1920----- www.glofal.com -----
1921
1922
1923Host's addresses:
1924__________________
1925
1926glofal.com. 13574 IN A 151.106.38.107
1927
1928
1929Name Servers:
1930______________
1931
1932ns02.glofal.com. 14400 IN A 151.106.38.107
1933ns01.glofal.com. 14400 IN A 151.106.38.107
1934
1935
1936Mail (MX) Servers:
1937___________________
1938
1939glofal-com.mail.protection.outlook.com. 10 IN A 104.47.44.36
1940glofal-com.mail.protection.outlook.com. 10 IN A 104.47.46.36
1941
1942
1943
1944######################################################################################################################################
1945URLCrazy Domain Report
1946Domain : www.glofal.com
1947Keyboard : qwerty
1948At : 2020-02-21 11:47:13 -0500
1949
1950# Please wait. 128 hostnames to process
1951
1952Typo Type Typo DNS-A CC-A DNS-MX Extn
1953---------------------------------------------------------------------------------------------------------------------------------------------
1954Character Omission ww.glofal.com ? com
1955Character Omission www.glfal.com ? com
1956Character Omission www.gloal.com 72.52.179.174 US,UNITED STATES mx156.hostedmxserver.com com
1957Character Omission www.glofa.com ? com
1958Character Omission www.glofal.cm ? cm
1959Character Omission www.glofl.com ? com
1960Character Omission www.gofal.com 54.208.77.124 US,UNITED STATES com
1961Character Omission www.lofal.com 69.172.201.153 US,UNITED STATES mx247.in-mx.net com
1962Character Omission wwwglofal.com ? com
1963Character Repeat www.gglofal.com ? com
1964Character Repeat www.gllofal.com ? com
1965Character Repeat www.glofaal.com ? com
1966Character Repeat www.glofall.com ? com
1967Character Repeat www.gloffal.com ? com
1968Character Repeat www.gloofal.com ? com
1969Character Repeat wwww.glofal.com ? com
1970Character Swap ww.wglofal.com ? com
1971Character Swap www.glfoal.com ? com
1972Character Swap www.gloafl.com ? com
1973Character Swap www.glofla.com ? com
1974Character Swap www.golfal.com 66.97.240.23 US,UNITED STATES com
1975Character Swap www.lgofal.com ? com
1976Character Swap wwwg.lofal.com 69.172.201.153 US,UNITED STATES mx247.in-mx.net com
1977Character Replacement eww.glofal.com ? com
1978Character Replacement qww.glofal.com ? com
1979Character Replacement wew.glofal.com ? com
1980Character Replacement wqw.glofal.com ? com
1981Character Replacement wwe.glofal.com ? com
1982Character Replacement wwq.glofal.com ? com
1983Character Replacement www.flofal.com ? com
1984Character Replacement www.gkofal.com ? com
1985Character Replacement www.glifal.com ? com
1986Character Replacement www.glodal.com 23.20.239.12 US,UNITED STATES com
1987Character Replacement www.glofak.com ? com
1988Character Replacement www.glofsl.com ? com
1989Character Replacement www.glogal.com 35.186.238.101 ID,INDONESIA com
1990Character Replacement www.glpfal.com ? com
1991Character Replacement www.hlofal.com ? com
1992Double Character Replacement eew.glofal.com ? com
1993Double Character Replacement qqw.glofal.com ? com
1994Double Character Replacement wee.glofal.com ? com
1995Double Character Replacement wqq.glofal.com ? com
1996Character Insertion weww.glofal.com ? com
1997Character Insertion wqww.glofal.com ? com
1998Character Insertion wwew.glofal.com ? com
1999Character Insertion wwqw.glofal.com ? com
2000Character Insertion www.gflofal.com ? com
2001Character Insertion www.ghlofal.com ? com
2002Character Insertion www.glkofal.com ? com
2003Character Insertion www.glofalk.com ? com
2004Character Insertion www.glofasl.com ? com
2005Character Insertion www.glofdal.com ? com
2006Character Insertion www.glofgal.com ? com
2007Character Insertion www.gloifal.com ? com
2008Character Insertion www.glopfal.com ? com
2009Character Insertion wwwe.glofal.com ? com
2010Character Insertion wwwq.glofal.com ? com
2011Missing Dot wwwwww.glofal.com ? com
2012Singular or Pluralise glofal.com 151.106.38.107 US,UNITED STATES glofal-com.mail.protection.outlook.com com
2013Singular or Pluralise glofals.com ? com
2014Vowel Swap www.glofel.com 199.34.228.59 US,UNITED STATES com
2015Vowel Swap www.glofil.com 23.20.239.12 US,UNITED STATES com
2016Vowel Swap www.glofol.com ? com
2017Vowel Swap www.gloful.com 206.188.193.222 US,UNITED STATES com
2018Homophones www.glowfal.com ? com
2019Bit Flipping 7ww.glofal.com ? com
2020Bit Flipping gww.glofal.com ? com
2021Bit Flipping sww.glofal.com ? com
2022Bit Flipping uww.glofal.com ? com
2023Bit Flipping vww.glofal.com ? com
2024Bit Flipping w7w.glofal.com ? com
2025Bit Flipping wgw.glofal.com ? com
2026Bit Flipping wsw.glofal.com ? com
2027Bit Flipping wuw.glofal.com ? com
2028Bit Flipping wvw.glofal.com ? com
2029Bit Flipping ww7.glofal.com ? com
2030Bit Flipping wwg.glofal.com ? com
2031Bit Flipping wws.glofal.com ? com
2032Bit Flipping wwu.glofal.com ? com
2033Bit Flipping wwv.glofal.com ? com
2034Bit Flipping www.clofal.com ? com
2035Bit Flipping www.elofal.com ? com
2036Bit Flipping www.gdofal.com ? com
2037Bit Flipping www.ghofal.com ? com
2038Bit Flipping www.glgfal.com ? com
2039Bit Flipping www.glkfal.com ? com
2040Bit Flipping www.glmfal.com ? com
2041Bit Flipping www.glnfal.com ? com
2042Bit Flipping www.global.com 104.27.174.62 com
2043Bit Flipping www.glofad.com 103.254.223.21 com
2044Bit Flipping www.glofah.com ? com
2045Bit Flipping www.glofam.com 50.63.202.48 US,UNITED STATES com
2046Bit Flipping www.glofan.com ? com
2047Bit Flipping www.glofcl.com ? com
2048Bit Flipping www.glofql.com ? com
2049Bit Flipping www.glonal.com 156.229.79.53 com
2050Bit Flipping www.gloval.com 208.91.197.128 VG,VIRGIN ISLANDS (BRITISH) com
2051Bit Flipping www.gmofal.com ? com
2052Bit Flipping www.gnofal.com ? com
2053Bit Flipping www.olofal.com ? com
2054Bit Flipping www.wlofal.com ? com
2055Bit Flipping wwwnglofal.com ? com
2056Homoglyphs vvvvvv.glofal.com ? com
2057Homoglyphs vvvvw.glofal.com ? com
2058Homoglyphs vvwvv.glofal.com ? com
2059Homoglyphs vvww.glofal.com ? com
2060Homoglyphs wvvvv.glofal.com ? com
2061Homoglyphs wvvw.glofal.com ? com
2062Homoglyphs wwvv.glofal.com ? com
2063Homoglyphs www.g1ofa1.com ? com
2064Homoglyphs www.g1ofal.com ? com
2065Homoglyphs www.gl0fal.com ? com
2066Homoglyphs www.glofa1.com ? com
2067Wrong TLD glofal.ca ? ca
2068Wrong TLD glofal.ch ? ch
2069Wrong TLD glofal.de ? de
2070Wrong TLD glofal.edu ? edu
2071Wrong TLD glofal.es ? es
2072Wrong TLD glofal.fr ? fr
2073Wrong TLD glofal.it ? it
2074Wrong TLD glofal.jp ? jp
2075Wrong TLD glofal.net 184.168.221.55 US,UNITED STATES mailstore1.secureserver.net net
2076Wrong TLD glofal.nl ? nl
2077Wrong TLD glofal.no ? no
2078Wrong TLD glofal.org 185.182.56.76 mail.glofal.org org
2079Wrong TLD glofal.ru ? ru
2080Wrong TLD glofal.se ? se
2081Wrong TLD glofal.us ? us
2082#####################################################################################################################################
2083[*] Processing domain www.glofal.com
2084[*] Using system resolvers ['10.101.0.243', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
2085[+] Getting nameservers
2086151.106.38.107 - ns02.glofal.com
2087151.106.38.107 - ns01.glofal.com
2088[-] Zone transfer failed
2089
2090[+] TXT records found
2091"google-site-verification=ul3Hy_yHjXr2C01cfdRMaQxWNEQmanZjhfhGXhBBdhs"
2092"MS=ms19286565"
2093"v=spf1 ip4:151.106.38.107 mx a ip4:151.106.38.107 a:spf.protection.outlook.com a:servers.mcsv.net ?all"
2094
2095[+] MX records found, added to target list
20960 glofal-com.mail.protection.outlook.com.
2097
2098[*] Scanning www.glofal.com for A records
2099151.106.38.107 - www.glofal.com
2100#####################################################################################################################################
2101[*] Found SPF record:
2102[*] v=spf1 ip4:151.106.38.107 mx a ip4:151.106.38.107 a:spf.protection.outlook.com a:servers.mcsv.net ?all
2103[+] SPF record has no All string
2104[*] Checking SPF include mechanisms
2105[*] Include mechanisms are not strong
2106[*] No DMARC record found. Looking for organizational record
2107[+] No organizational DMARC record
2108[+] Spoofing possible for www.glofal.com!
2109####################################################################################################################################
2110WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2111Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 11:53 EST
2112Nmap scan report for www.glofal.com (151.106.38.107)
2113Host is up (0.18s latency).
2114rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu
2115Not shown: 481 closed ports, 1 filtered port
2116Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2117PORT STATE SERVICE
211821/tcp open ftp
211922/tcp open ssh
212025/tcp open smtp
212153/tcp open domain
212280/tcp open http
2123110/tcp open pop3
2124111/tcp open rpcbind
2125143/tcp open imap
2126443/tcp open https
2127465/tcp open smtps
2128587/tcp open submission
2129993/tcp open imaps
2130995/tcp open pop3s
21313306/tcp open mysql
2132
2133Nmap done: 1 IP address (1 host up) scanned in 2.74 seconds
2134#####################################################################################################################################
2135Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 11:53 EST
2136Nmap scan report for www.glofal.com (151.106.38.107)
2137Host is up (0.18s latency).
2138rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu
2139Not shown: 5 closed ports
2140PORT STATE SERVICE
214153/udp open|filtered domain
214267/udp open|filtered dhcps
214369/udp open|filtered tftp
2144123/udp open|filtered ntp
2145137/udp open|filtered netbios-ns
2146139/udp open|filtered netbios-ssn
2147389/udp open|filtered ldap
2148500/udp open|filtered isakmp
2149520/udp open|filtered route
21502049/udp open|filtered nfs
2151
2152Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds
2153#####################################################################################################################################
2154Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 11:53 EST
2155NSE: Loaded 54 scripts for scanning.
2156NSE: Script Pre-scanning.
2157Initiating NSE at 11:53
2158Completed NSE at 11:53, 0.00s elapsed
2159Initiating NSE at 11:53
2160Completed NSE at 11:53, 0.00s elapsed
2161Initiating Parallel DNS resolution of 1 host. at 11:53
2162Completed Parallel DNS resolution of 1 host. at 11:53, 0.02s elapsed
2163Initiating SYN Stealth Scan at 11:53
2164Scanning www.glofal.com (151.106.38.107) [1 port]
2165Discovered open port 21/tcp on 151.106.38.107
2166Completed SYN Stealth Scan at 11:53, 0.21s elapsed (1 total ports)
2167Initiating Service scan at 11:53
2168Scanning 1 service on www.glofal.com (151.106.38.107)
2169Completed Service scan at 11:53, 0.36s elapsed (1 service on 1 host)
2170Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
2171Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
2172Initiating Traceroute at 11:53
2173Completed Traceroute at 11:53, 3.33s elapsed
2174Initiating Parallel DNS resolution of 11 hosts. at 11:53
2175Completed Parallel DNS resolution of 11 hosts. at 11:53, 0.48s elapsed
2176NSE: Script scanning 151.106.38.107.
2177Initiating NSE at 11:53
2178Completed NSE at 11:53, 0.82s elapsed
2179Initiating NSE at 11:53
2180Completed NSE at 11:53, 0.00s elapsed
2181Nmap scan report for www.glofal.com (151.106.38.107)
2182Host is up (0.18s latency).
2183rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu
2184
2185PORT STATE SERVICE VERSION
218621/tcp open ftp Pure-FTPd
2187| ftp-brute:
2188| Accounts: No valid accounts found
2189| Statistics: Performed 0 guesses in 1 seconds, average tps: 0.0
2190|_ ERROR: The service seems to have failed or is heavily firewalled...
2191Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2192Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), HP P2000 G3 NAS device (93%), ASUS RT-N56U WAP (Linux 3.4) (92%), Linux 3.16 (92%), Linux 2.6.39 - 3.2 (92%), Infomir MAG-250 set-top box (92%), Linux 3.1 - 3.2 (92%)
2193No exact OS matches for host (test conditions non-ideal).
2194Uptime guess: 33.165 days (since Sun Jan 19 07:56:39 2020)
2195Network Distance: 17 hops
2196TCP Sequence Prediction: Difficulty=259 (Good luck!)
2197IP ID Sequence Generation: All zeros
2198
2199TRACEROUTE (using port 21/tcp)
2200HOP RTT ADDRESS
22011 134.24 ms 10.203.28.1
22022 ...
22033 132.02 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
22044 133.39 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
22055 138.78 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
22066 150.41 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
22077 160.22 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
22088 165.43 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
22099 ...
221010 176.29 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
221111 186.29 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
221212 181.30 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
221313 ... 16
221417 179.98 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
2215
2216NSE: Script Post-scanning.
2217Initiating NSE at 11:53
2218Completed NSE at 11:53, 0.00s elapsed
2219Initiating NSE at 11:53
2220Completed NSE at 11:53, 0.00s elapsed
2221######################################################################################################################################
2222# general
2223(gen) banner: SSH-2.0-OpenSSH_7.4
2224(gen) software: OpenSSH 7.4
2225(gen) compatibility: OpenSSH 7.2+ (some functionality from 6.6), Dropbear SSH 2013.56+
2226(gen) compression: enabled (zlib@openssh.com)
2227
2228# key exchange algorithms
2229(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
2230 `- [info] available since OpenSSH 4.4
2231(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
2232 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
2233(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2234 `- [warn] using weak hashing algorithm
2235 `- [info] available since OpenSSH 2.3.0
2236
2237# host-key algorithms
2238(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
2239(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
2240(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
2241(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
2242
2243# encryption algorithms (ciphers)
2244(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
2245(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
2246(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2247(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2248
2249# message authentication code algorithms
2250(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
2251(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
2252(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
2253(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
2254 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2255(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
2256 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2257
2258# algorithm recommendations (for OpenSSH 7.4)
2259(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
2260(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
2261(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
2262(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append
2263(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append
2264(rec) +curve25519-sha256@libssh.org -- kex algorithm to append
2265(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append
2266(rec) +chacha20-poly1305@openssh.com -- enc algorithm to append
2267(rec) +aes192-ctr -- enc algorithm to append
2268(rec) -hmac-sha2-512 -- mac algorithm to remove
2269(rec) -hmac-sha2-256 -- mac algorithm to remove
2270#######################################################################################################################################
2271Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 11:54 EST
2272NSE: Loaded 51 scripts for scanning.
2273NSE: Script Pre-scanning.
2274Initiating NSE at 11:54
2275Completed NSE at 11:54, 0.00s elapsed
2276Initiating NSE at 11:54
2277Completed NSE at 11:54, 0.00s elapsed
2278Initiating Parallel DNS resolution of 1 host. at 11:54
2279Completed Parallel DNS resolution of 1 host. at 11:54, 0.02s elapsed
2280Initiating SYN Stealth Scan at 11:54
2281Scanning www.glofal.com (151.106.38.107) [1 port]
2282Discovered open port 22/tcp on 151.106.38.107
2283Completed SYN Stealth Scan at 11:54, 0.22s elapsed (1 total ports)
2284Initiating Service scan at 11:54
2285Scanning 1 service on www.glofal.com (151.106.38.107)
2286Completed Service scan at 11:54, 0.37s elapsed (1 service on 1 host)
2287Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
2288Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
2289Initiating Traceroute at 11:54
2290Completed Traceroute at 11:54, 3.34s elapsed
2291Initiating Parallel DNS resolution of 11 hosts. at 11:54
2292Completed Parallel DNS resolution of 11 hosts. at 11:54, 0.26s elapsed
2293NSE: Script scanning 151.106.38.107.
2294Initiating NSE at 11:54
2295NSE: [ssh-run 151.106.38.107:22] Failed to specify credentials and command to run.
2296NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: root:root
2297NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: admin:admin
2298NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: administrator:administrator
2299NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: webadmin:webadmin
2300NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: sysadmin:sysadmin
2301NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: netadmin:netadmin
2302NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: guest:guest
2303NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: user:user
2304NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: web:web
2305NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: test:test
2306NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: root:
2307NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: admin:
2308NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: administrator:
2309NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: webadmin:
2310NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: sysadmin:
2311NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: netadmin:
2312NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: guest:
2313NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: user:
2314NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: web:
2315NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: test:
2316NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: root:123456
2317NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: admin:123456
2318NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: administrator:123456
2319NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: webadmin:123456
2320NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: sysadmin:123456
2321NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: netadmin:123456
2322NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: guest:123456
2323NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: user:123456
2324NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: web:123456
2325NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: test:123456
2326NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: root:12345
2327NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: admin:12345
2328NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: administrator:12345
2329NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: webadmin:12345
2330NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: sysadmin:12345
2331NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: netadmin:12345
2332NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: guest:12345
2333NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: user:12345
2334NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: web:12345
2335NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: test:12345
2336NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: root:123456789
2337NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: admin:123456789
2338NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: administrator:123456789
2339NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: webadmin:123456789
2340NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: sysadmin:123456789
2341NSE: [ssh-brute 151.106.38.107:22] Trying username/password pair: netadmin:123456789
2342Completed NSE at 11:55, 90.68s elapsed
2343Initiating NSE at 11:55
2344Completed NSE at 11:55, 0.05s elapsed
2345Nmap scan report for www.glofal.com (151.106.38.107)
2346Host is up (0.18s latency).
2347rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu
2348
2349PORT STATE SERVICE VERSION
235022/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2351| ssh-auth-methods:
2352| Supported authentication methods:
2353| publickey
2354| gssapi-keyex
2355| gssapi-with-mic
2356|_ password
2357| ssh-publickey-acceptance:
2358|_ Accepted Public Keys: No public keys accepted
2359|_ssh-run: Failed to specify credentials and command to run.
2360| vulners:
2361| cpe:/a:openbsd:openssh:7.4:
2362| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
2363|_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
2364Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2365Aggressive OS guesses: Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 2.6.32 (94%), HP P2000 G3 NAS device (93%), ASUS RT-N56U WAP (Linux 3.4) (92%), Linux 3.16 (92%), Linux 3.1 - 3.2 (92%), Linux 3.11 (92%), Linux 3.2 - 4.9 (92%)
2366No exact OS matches for host (test conditions non-ideal).
2367Uptime guess: 33.166 days (since Sun Jan 19 07:56:39 2020)
2368Network Distance: 17 hops
2369TCP Sequence Prediction: Difficulty=252 (Good luck!)
2370IP ID Sequence Generation: All zeros
2371
2372TRACEROUTE (using port 22/tcp)
2373HOP RTT ADDRESS
23741 131.58 ms 10.203.28.1
23752 ...
23763 132.50 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
23774 132.56 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
23785 137.82 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
23796 149.47 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
23807 165.33 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
23818 163.17 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
23829 ...
238310 174.17 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
238411 179.99 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
238512 174.75 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
238613 ... 16
238717 174.20 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
2388
2389NSE: Script Post-scanning.
2390Initiating NSE at 11:55
2391Completed NSE at 11:55, 0.00s elapsed
2392Initiating NSE at 11:55
2393Completed NSE at 11:55, 0.00s elapsed
2394######################################################################################################################################
2395USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2396RHOSTS => www.glofal.com
2397RHOST => www.glofal.com
2398[*] 151.106.38.107:22 - SSH - Using malformed packet technique
2399[*] 151.106.38.107:22 - SSH - Starting scan
2400[-] 151.106.38.107:22 - SSH - User 'admin' on could not connect
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 12:15 EST
NSE: Loaded 55 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:15
Completed NSE at 12:15, 0.00s elapsed
Initiating NSE at 12:15
Completed NSE at 12:15, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:15
Completed Parallel DNS resolution of 1 host. at 12:15, 0.02s elapsed
Initiating SYN Stealth Scan at 12:15
Scanning www.glofal.com (151.106.38.107) [1 port]
Completed SYN Stealth Scan at 12:15, 2.05s elapsed (1 total ports)
Initiating Service scan at 12:15
Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
Initiating Traceroute at 12:16
Completed Traceroute at 12:16, 6.34s elapsed
Initiating Parallel DNS resolution of 10 hosts. at 12:16
Completed Parallel DNS resolution of 10 hosts. at 12:16, 0.21s elapsed
NSE: Script scanning 151.106.38.107.
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Nmap scan report for www.glofal.com (151.106.38.107)
Host is up.
rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu

PORT STATE SERVICE VERSION
25/tcp filtered smtp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 134.96 ms 10.203.28.1
2 ...
3 135.77 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 135.97 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 142.62 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 152.62 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 160.23 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 160.64 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 171.52 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 182.46 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 177.83 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30

NSE: Script Post-scanning.
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 12:16 EST
NSE: Loaded 64 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:16
Completed Parallel DNS resolution of 1 host. at 12:16, 0.02s elapsed
Initiating SYN Stealth Scan at 12:16
Scanning www.glofal.com (151.106.38.107) [1 port]
Completed SYN Stealth Scan at 12:16, 2.04s elapsed (1 total ports)
Initiating Service scan at 12:16
Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
Initiating Traceroute at 12:16
Completed Traceroute at 12:16, 6.34s elapsed
Initiating Parallel DNS resolution of 10 hosts. at 12:16
Completed Parallel DNS resolution of 10 hosts. at 12:16, 0.23s elapsed
NSE: Script scanning 151.106.38.107.
Initiating NSE at 12:16
Completed NSE at 12:16, 9.64s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Nmap scan report for www.glofal.com (151.106.38.107)
Host is up.
rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu

PORT STATE SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-brute:
| DNS Brute-force hostnames:
| ns1.glofal.com - 151.106.38.107
| ns2.glofal.com - 151.106.38.107
| ns3.glofal.com - 151.106.38.107
| mail.glofal.com - 151.106.38.107
| www.glofal.com - 151.106.38.107
| ftp.glofal.com - 151.106.38.107
| sip.glofal.com - 52.112.65.203
|_ sip.glofal.com - 2603:1037::7:0:0:0:b

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 135.35 ms 10.203.28.1
2 ...
3 136.15 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 135.67 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 141.39 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 154.49 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 160.66 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 161.24 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 171.96 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 181.58 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 176.76 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30

NSE: Script Post-scanning.
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 12:20 EST
NSE: Loaded 161 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:20
Completed NSE at 12:20, 0.00s elapsed
Initiating NSE at 12:20
Completed NSE at 12:20, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:20
Completed Parallel DNS resolution of 1 host. at 12:20, 0.02s elapsed
Initiating SYN Stealth Scan at 12:20
Scanning www.glofal.com (151.106.38.107) [1 port]
Completed SYN Stealth Scan at 12:20, 2.05s elapsed (1 total ports)
Initiating Service scan at 12:20
Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
Initiating Traceroute at 12:20
Completed Traceroute at 12:20, 6.33s elapsed
Initiating Parallel DNS resolution of 10 hosts. at 12:20
Completed Parallel DNS resolution of 10 hosts. at 12:20, 0.34s elapsed
NSE: Script scanning 151.106.38.107.
Initiating NSE at 12:20
Completed NSE at 12:20, 0.39s elapsed
Initiating NSE at 12:20
Completed NSE at 12:20, 0.00s elapsed
Nmap scan report for www.glofal.com (151.106.38.107)
Host is up.
rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu

PORT STATE SERVICE VERSION
80/tcp filtered http
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 130.55 ms 10.203.28.1
2 ...
3 131.21 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 131.03 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 136.52 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 148.06 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 159.80 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 159.82 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 170.68 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.95 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 175.46 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30

NSE: Script Post-scanning.
Initiating NSE at 12:20
Completed NSE at 12:20, 0.00s elapsed
Initiating NSE at 12:20
Completed NSE at 12:20, 0.00s elapsed
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 12:34 EST
NSE: Loaded 161 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:34
Completed NSE at 12:34, 0.00s elapsed
Initiating NSE at 12:34
Completed NSE at 12:34, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:34
Completed Parallel DNS resolution of 1 host. at 12:34, 0.02s elapsed
Initiating SYN Stealth Scan at 12:34
Scanning www.glofal.com (151.106.38.107) [1 port]
Completed SYN Stealth Scan at 12:34, 2.04s elapsed (1 total ports)
Initiating Service scan at 12:34
Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
Initiating Traceroute at 12:34
Completed Traceroute at 12:35, 6.34s elapsed
Initiating Parallel DNS resolution of 10 hosts. at 12:35
Completed Parallel DNS resolution of 10 hosts. at 12:35, 0.27s elapsed
NSE: Script scanning 151.106.38.107.
Initiating NSE at 12:35
Completed NSE at 12:35, 0.33s elapsed
Initiating NSE at 12:35
Completed NSE at 12:35, 0.00s elapsed
Nmap scan report for www.glofal.com (151.106.38.107)
Host is up.
rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu

PORT STATE SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 135.63 ms 10.203.28.1
2 ...
3 137.05 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 137.01 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 141.64 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 153.66 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 160.50 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 162.26 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 172.16 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 181.42 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 176.60 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30

NSE: Script Post-scanning.
Initiating NSE at 12:35
Completed NSE at 12:35, 0.00s elapsed
Initiating NSE at 12:35
Completed NSE at 12:35, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 12:50 EST
NSE: Loaded 57 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:50
Completed Parallel DNS resolution of 1 host. at 12:50, 0.02s elapsed
Initiating SYN Stealth Scan at 12:50
Scanning www.glofal.com (151.106.38.107) [1 port]
Completed SYN Stealth Scan at 12:50, 2.04s elapsed (1 total ports)
Initiating Service scan at 12:50
Initiating OS detection (try #1) against www.glofal.com (151.106.38.107)
Retrying OS detection (try #2) against www.glofal.com (151.106.38.107)
Initiating Traceroute at 12:50
Completed Traceroute at 12:50, 6.34s elapsed
Initiating Parallel DNS resolution of 10 hosts. at 12:50
Completed Parallel DNS resolution of 10 hosts. at 12:50, 0.22s elapsed
NSE: Script scanning 151.106.38.107.
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
Nmap scan report for www.glofal.com (151.106.38.107)
Host is up.
rDNS record for 151.106.38.107: ns3152160.ip-151-106-38.eu

PORT STATE SERVICE VERSION
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 130.45 ms 10.203.28.1
2 ...
3 131.93 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 131.89 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 136.90 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 148.28 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 159.87 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 159.94 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 170.99 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.38 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 174.78 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30

NSE: Script Post-scanning.
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
Initiating NSE at 12:50
Completed NSE at 12:50, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:05 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up (0.18s latency).
Not shown: 461 closed ports, 1 filtered port
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
|_ssl-date: TLS randomness does not represent time
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp open smtp?
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
| dns-nsid:
|_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: USER SASL(PLAIN LOGIN) STLS TOP AUTH-RESP-CODE PIPELINING UIDL CAPA RESP-CODES
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
|_ 100000 3,4 111/udp6 rpcbind
143/tcp open imap Dovecot imapd
|_imap-capabilities: LITERAL+ IMAP4rev1 IDLE post-login AUTH=PLAIN LOGIN-REFERRALS ID have NAMESPACE listed SASL-IR more ENABLE capabilities Pre-login OK AUTH=LOGINA0001 STARTTLS
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
443/tcp open ssl/http Apache httpd
|_http-server-header: Apache
|_http-title: Alabama: International Order of the Rainbow for Girls
| ssl-cert: Subject: commonName=hiram02.glofal.com
| Subject Alternative Name: DNS:hiram02.glofal.com, DNS:www.hiram02.glofal.com, DNS:alaoes.org, DNS:www.alyorkrite.org, DNS:www.myalor.org, DNS:www.alafreemasonry.org, DNS:dothanscottishrite.org, DNS:myalor.org, DNS:guytsmith883.org, DNS:emason.alafreemasonry.org, DNS:hiram02.alafreemasonry.org, DNS:www.alchip.org, DNS:glofal.com, DNS:alafreemasonry.org, DNS:alabamaiorg.org, DNS:www.glofal.com, DNS:dev.glofal.com, DNS:coosavalleylodge929.org, DNS:www.alabamaiorg.org, DNS:www.alaoes.org
| Not valid before: 2019-09-03T19:25:14
|_Not valid after: 2020-11-02T22:15:01
465/tcp open ssl/smtp Exim smtpd 4.92
| smtp-commands: hiram04.glofal.com Hello ns3152160.ip-151-106-38.eu [45.132.192.74], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
587/tcp open smtp Exim smtpd 4.92
| smtp-commands: hiram04.glofal.com Hello ns3152160.ip-151-106-38.eu [45.132.192.74], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
993/tcp open imaps?
|_imap-capabilities: LITERAL+ IMAP4rev1 IDLE post-login AUTH=PLAIN AUTH=LOGINA0001 ID have NAMESPACE listed SASL-IR more ENABLE capabilities Pre-login OK LOGIN-REFERRALS
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
995/tcp open pop3s?
|_pop3-capabilities: PIPELINING AUTH-RESP-CODE USER SASL(PLAIN LOGIN) RESP-CODES UIDL CAPA TOP
| ssl-cert: Subject: commonName=hiram04.glofal.com
| Subject Alternative Name: DNS:hiram04.glofal.com, DNS:www.hiram04.glofal.com
| Not valid before: 2019-10-01T00:00:00
|_Not valid after: 2020-09-30T23:59:59
3306/tcp open mysql MySQL 5.7.29
| mysql-info:
| Protocol: 10
| Version: 5.7.29
| Thread ID: 468957
| Capabilities flags: 65535
| Some Capabilities: Speaks41ProtocolOld, Support41Auth, SupportsTransactions, SwitchToSSLAfterHandshake, IgnoreSigpipes, SupportsLoadDataLocal, ODBCClient, Speaks41ProtocolNew, IgnoreSpaceBeforeParenthesis, InteractiveClient, SupportsCompression, FoundRows, DontAllowDatabaseTableColumn, LongPassword, LongColumnFlag, ConnectWithDatabase, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
| Status: Autocommit
| Salt: \x1D#uSm8[/,VF=kE12wKrd
|_ Auth Plugin Name: mysql_native_password
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Ubiquiti AirOS 5.5.9 (92%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (92%), Linux 2.6.32 - 3.13 (92%), Linux 3.0 - 3.2 (92%), Linux 3.7 (91%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (91%), Linux 3.1 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops
Service Info: Host: hiram04.glofal.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using port 3306/tcp)
HOP RTT ADDRESS
1 130.16 ms 10.203.24.1
2 ...
3 132.61 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 132.57 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 137.76 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 150.05 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 160.17 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 164.05 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 174.72 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.89 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 179.10 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 16
17 174.76 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:09 EST
Warning: 151.106.38.107 giving up on port because retransmission cap hit (2).
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up (0.18s latency).
Not shown: 21 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
53/udp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
| dns-nsid:
|_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
68/udp open|filtered dhcpc
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (92%), Infomir MAG-250 set-top box (92%), Linux 3.7 (92%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (92%), Linux 2.6.32 - 3.13 (92%), Linux 3.3 (92%), Ubiquiti AirOS 5.5.9 (91%), Linux 3.1 (91%), Linux 3.2 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 133.03 ms 10.203.24.1
2 ...
3 132.16 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 131.81 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 137.24 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 147.01 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 160.77 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 159.93 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 170.62 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.65 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 179.04 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 16
17 177.91 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
#########################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:10 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up (0.18s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ftp-brute:
| Accounts: No valid accounts found
| Statistics: Performed 0 guesses in 1 seconds, average tps: 0.0
|_ ERROR: The service seems to have failed or is heavily firewalled...
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), HP P2000 G3 NAS device (93%), ASUS RT-N56U WAP (Linux 3.4) (92%), Linux 3.16 (92%), Linux 2.6.39 - 3.2 (92%), Infomir MAG-250 set-top box (92%), Linux 3.1 - 3.2 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 130.48 ms 10.203.24.1
2 ...
3 130.08 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 130.34 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 135.35 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 147.34 ms be2842.rcr21.vno01.atlas.cogentco.com (130.117.51.161)
7 158.56 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 164.08 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 174.08 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 184.84 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 183.27 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 16
17 174.31 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
#####################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.2+ (some functionality from 6.6), Dropbear SSH 2013.56+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append
(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append
(rec) +curve25519-sha256@libssh.org -- kex algorithm to append
(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append
(rec) +chacha20-poly1305@openssh.com -- enc algorithm to append
(rec) +aes192-ctr -- enc algorithm to append
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:11 EST
NSE: [ssh-run] Failed to specify credentials and command to run.
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up (0.18s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), HP P2000 G3 NAS device (93%), ASUS RT-N56U WAP (Linux 3.4) (92%), Linux 3.16 (92%), Linux 2.6.39 - 3.2 (92%), Linux 3.1 - 3.2 (92%), Linux 3.2 - 4.9 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 133.79 ms 10.203.24.1
2 ...
3 134.49 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.09 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 135.85 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 147.29 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 159.02 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 163.62 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 174.04 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 184.22 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 182.03 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 16
17 177.52 ms ns3152160.ip-151-106-38.eu (151.106.38.107)
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:41 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
25/tcp filtered smtp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 134.05 ms 10.203.24.1
2 ...
3 134.87 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.64 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 136.30 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 148.69 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 159.31 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 165.31 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 170.57 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 179.93 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 178.54 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:42 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     mail.ip-151-106-38.eu - 193.70.18.144
|     www.ip-151-106-38.eu - 213.186.33.5
|     ftp.ip-151-106-38.eu - 213.186.33.5
|_    smtp.ip-151-106-38.eu - 193.70.18.144

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 133.24 ms 10.203.24.1
2 ...
3 134.07 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.11 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 139.29 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 151.10 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 162.32 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 162.96 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 169.40 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 179.39 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 177.76 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:42 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
68/tcp filtered dhcpc
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 136.12 ms 10.203.24.1
2 ...
3 137.15 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 136.76 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 142.39 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 153.76 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 165.40 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 165.62 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 176.67 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.10 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 182.65 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:47 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
110/tcp filtered pop3
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 133.64 ms 10.203.24.1
2 ...
3 134.05 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 133.71 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 139.08 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 150.72 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 162.26 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 162.50 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 173.41 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 182.79 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 180.94 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 14:02 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 130.04 ms 10.203.24.1
2 ...
3 130.85 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 130.66 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 136.65 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 147.46 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 159.16 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 159.49 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 169.72 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 180.06 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 178.63 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 14:18 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up.

PORT STATE SERVICE VERSION
53/tcp filtered domain
67/tcp filtered dhcps
68/tcp filtered dhcpc
69/tcp filtered tftp
88/tcp filtered kerberos-sec
123/tcp filtered ntp
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
389/tcp filtered ldap
520/tcp filtered efs
2049/tcp filtered nfs
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 134.92 ms 10.203.24.1
2 ...
3 136.55 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 136.53 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 141.51 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 152.54 ms be2920.rcr21.vno01.atlas.cogentco.com (154.54.39.102)
7 164.33 ms be2898.ccr21.waw01.atlas.cogentco.com (154.54.39.129)
8 165.13 ms be2882.rcr21.b016833-0.waw01.atlas.cogentco.com (154.54.59.38)
9 ...
10 171.02 ms be103.waw-wa1-sbb1-nc5.pl.eu (91.121.215.193)
11 181.06 ms fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
12 179.17 ms be101.fra1-lim1-g2-nc5.de.eu (94.23.122.247)
13 ... 30
######################################################################################################################################

Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
45.88.202.111 Linux 3.X server
69.163.233.4 ps54052.dreamhostps.com Linux 14.04 server
92.123.250.35 a92-123-250-35.deploy.static.akamaitechnologies.com embedded device
92.123.250.65 a92-123-250-65.deploy.static.akamaitechnologies.com Linux 3.X server
149.126.72.220 149.126.72.220.ip.incapdns.net Linux 3.X server
151.106.38.107 ns3152160.ip-151-106-38.eu embedded device
169.239.218.20 cp10.domains.co.za Linux 2.6.X server
174.142.53.51 mail.marineland.ca Linux 3.X server
211.13.196.135 sv3.isle.ne.jp Linux 2.6.X server
218.45.5.97 www.town.koya.wakayama.jp Linux 2.6.X server

Services
========

host port proto name state info
---- ---- ----- ---- ----- ----
45.88.202.111 22 tcp ssh open OpenSSH 7.9p1 Debian 10+deb10u1 protocol 2.0
45.88.202.111 53 tcp domain open PowerDNS Authoritative Server 4.2.0-rc3
45.88.202.111 53 udp domain open PowerDNS Authoritative Server 4.2.0-rc3
45.88.202.111 67 tcp dhcps closed
45.88.202.111 67 udp dhcps unknown
45.88.202.111 68 tcp dhcpc closed
45.88.202.111 68 udp dhcpc unknown
45.88.202.111 69 tcp tftp closed
45.88.202.111 69 udp tftp closed
45.88.202.111 80 tcp http open nginx
45.88.202.111 88 tcp kerberos-sec closed
45.88.202.111 88 udp kerberos-sec unknown
45.88.202.111 123 tcp ntp closed
45.88.202.111 123 udp ntp closed
45.88.202.111 137 tcp netbios-ns closed
45.88.202.111 137 udp netbios-ns filtered
45.88.202.111 138 tcp netbios-dgm closed
45.88.202.111 138 udp netbios-dgm filtered
45.88.202.111 139 tcp netbios-ssn closed
45.88.202.111 139 udp netbios-ssn closed
45.88.202.111 161 tcp snmp closed
45.88.202.111 161 udp snmp closed
45.88.202.111 162 tcp snmptrap closed
45.88.202.111 162 udp snmptrap closed
45.88.202.111 179 tcp bgp filtered
45.88.202.111 389 tcp ldap closed
45.88.202.111 389 udp ldap unknown
45.88.202.111 443 tcp ssl/http open nginx
45.88.202.111 520 tcp efs closed
45.88.202.111 520 udp route unknown
45.88.202.111 2049 tcp nfs closed
45.88.202.111 2049 udp nfs closed
45.88.202.111 10050 tcp tcpwrapped open
69.163.233.4 21 tcp ftp open 220 DreamHost FTP Server\x0d\x0a
69.163.233.4 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
69.163.233.4 25 tcp open
69.163.233.4 53 tcp domain closed
69.163.233.4 53 udp domain unknown
69.163.233.4 67 tcp dhcps closed
69.163.233.4 67 udp dhcps closed
69.163.233.4 68 tcp dhcpc closed
69.163.233.4 68 udp dhcpc unknown
69.163.233.4 69 tcp tftp closed
69.163.233.4 69 udp tftp closed
69.163.233.4 88 tcp kerberos-sec closed
69.163.233.4 88 udp kerberos-sec unknown
69.163.233.4 123 tcp ntp closed
69.163.233.4 123 udp ntp unknown
69.163.233.4 137 tcp netbios-ns closed
69.163.233.4 137 udp netbios-ns closed
69.163.233.4 138 tcp netbios-dgm closed
69.163.233.4 138 udp netbios-dgm closed
69.163.233.4 139 tcp netbios-ssn closed
69.163.233.4 139 udp netbios-ssn unknown
69.163.233.4 161 tcp snmp closed
69.163.233.4 161 udp snmp closed
69.163.233.4 162 tcp snmptrap closed
69.163.233.4 162 udp snmptrap closed
69.163.233.4 389 tcp ldap closed
69.163.233.4 389 udp ldap unknown
69.163.233.4 520 tcp efs closed
69.163.233.4 520 udp route closed
69.163.233.4 2049 tcp nfs closed
69.163.233.4 2049 udp nfs unknown
92.123.250.35 53 tcp domain closed
92.123.250.35 53 udp domain closed
92.123.250.35 67 tcp dhcps filtered
92.123.250.35 67 udp dhcps unknown
92.123.250.35 68 tcp dhcpc filtered
92.123.250.35 68 udp dhcpc unknown
92.123.250.35 69 tcp tftp filtered
92.123.250.35 69 udp tftp unknown
92.123.250.35 80 tcp http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
92.123.250.35 88 tcp kerberos-sec filtered
92.123.250.35 88 udp kerberos-sec unknown
92.123.250.35 123 tcp ntp filtered
92.123.250.35 123 udp ntp unknown
92.123.250.35 137 tcp netbios-ns filtered
92.123.250.35 137 udp netbios-ns unknown
92.123.250.35 138 tcp netbios-dgm filtered
92.123.250.35 138 udp netbios-dgm unknown
92.123.250.35 139 tcp netbios-ssn filtered
92.123.250.35 139 udp netbios-ssn unknown
92.123.250.35 161 tcp snmp filtered
92.123.250.35 161 udp snmp unknown
92.123.250.35 162 tcp snmptrap filtered
92.123.250.35 162 udp snmptrap unknown
92.123.250.35 389 tcp ldap filtered
92.123.250.35 389 udp ldap unknown
92.123.250.35 443 tcp ssl/https open
92.123.250.35 520 tcp efs filtered
92.123.250.35 520 udp route unknown
92.123.250.35 2049 tcp nfs filtered
92.123.250.35 2049 udp nfs unknown
92.123.250.35 8883 tcp secure-mqtt open
92.123.250.65 53 tcp domain filtered
92.123.250.65 53 udp domain unknown
92.123.250.65 67 tcp dhcps filtered
92.123.250.65 67 udp dhcps unknown
92.123.250.65 68 tcp dhcpc filtered
92.123.250.65 68 udp dhcpc unknown
92.123.250.65 69 tcp tftp filtered
92.123.250.65 69 udp tftp unknown
92.123.250.65 80 tcp http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
92.123.250.65 88 tcp kerberos-sec filtered
92.123.250.65 88 udp kerberos-sec unknown
92.123.250.65 123 tcp ntp filtered
92.123.250.65 123 udp ntp unknown
92.123.250.65 137 tcp netbios-ns filtered
92.123.250.65 137 udp netbios-ns unknown
92.123.250.65 138 tcp netbios-dgm filtered
92.123.250.65 138 udp netbios-dgm unknown
92.123.250.65 139 tcp netbios-ssn filtered
92.123.250.65 139 udp netbios-ssn unknown
92.123.250.65 161 tcp snmp filtered
92.123.250.65 161 udp snmp unknown
92.123.250.65 162 tcp snmptrap filtered
92.123.250.65 162 udp snmptrap unknown
92.123.250.65 389 tcp ldap filtered
92.123.250.65 389 udp ldap unknown
92.123.250.65 443 tcp ssl/https open
92.123.250.65 520 tcp efs filtered
92.123.250.65 520 udp route unknown
92.123.250.65 2049 tcp nfs filtered
92.123.250.65 2049 udp nfs unknown
92.123.250.65 8883 tcp secure-mqtt open
149.126.72.220 25 tcp smtp closed
149.126.72.220 51 tcp tcpwrapped open
149.126.72.220 53 tcp domain open
149.126.72.220 53 udp domain open
149.126.72.220 65 tcp tcpwrapped open
149.126.72.220 66 tcp tcpwrapped open
149.126.72.220 67 tcp dhcps filtered
149.126.72.220 67 udp dhcps unknown
149.126.72.220 68 tcp dhcpc filtered
149.126.72.220 68 udp dhcpc unknown
149.126.72.220 69 tcp tftp filtered
149.126.72.220 69 udp tftp unknown
149.126.72.220 80 tcp tcpwrapped open
149.126.72.220 81 tcp tcpwrapped open
149.126.72.220 82 tcp tcpwrapped open
149.126.72.220 83 tcp tcpwrapped open
149.126.72.220 84 tcp tcpwrapped open
149.126.72.220 85 tcp tcpwrapped open
149.126.72.220 86 tcp tcpwrapped open
149.126.72.220 88 tcp http open Incapsula CDN httpd
149.126.72.220 88 udp kerberos-sec unknown
149.126.72.220 89 tcp tcpwrapped open
149.126.72.220 90 tcp tcpwrapped open
149.126.72.220 91 tcp tcpwrapped open
149.126.72.220 92 tcp tcpwrapped open
149.126.72.220 98 tcp tcpwrapped open
149.126.72.220 99 tcp tcpwrapped open
149.126.72.220 123 tcp ntp filtered
149.126.72.220 123 udp ntp unknown
149.126.72.220 137 tcp netbios-ns filtered
149.126.72.220 137 udp netbios-ns filtered
149.126.72.220 138 tcp netbios-dgm filtered
149.126.72.220 138 udp netbios-dgm filtered
149.126.72.220 139 tcp netbios-ssn closed
149.126.72.220 139 udp netbios-ssn unknown
149.126.72.220 160 tcp sgmp-traps closed
149.126.72.220 161 tcp snmp filtered
149.126.72.220 161 udp snmp unknown
149.126.72.220 162 tcp snmptrap filtered
149.126.72.220 162 udp snmptrap unknown
149.126.72.220 189 tcp tcpwrapped open
149.126.72.220 190 tcp tcpwrapped open
149.126.72.220 192 tcp tcpwrapped open
149.126.72.220 243 tcp tcpwrapped open
149.126.72.220 285 tcp tcpwrapped open
149.126.72.220 314 tcp tcpwrapped open
149.126.72.220 343 tcp tcpwrapped open
149.126.72.220 347 tcp tcpwrapped open
149.126.72.220 385 tcp tcpwrapped open
149.126.72.220 389 tcp ssl/http open Incapsula CDN httpd
149.126.72.220 389 udp ldap unknown
149.126.72.220 400 tcp tcpwrapped open
149.126.72.220 440 tcp tcpwrapped open
149.126.72.220 441 tcp tcpwrapped open
149.126.72.220 442 tcp tcpwrapped open
149.126.72.220 443 tcp ssl/tcpwrapped open
149.126.72.220 444 tcp tcpwrapped open
149.126.72.220 445 tcp microsoft-ds closed
149.126.72.220 446 tcp tcpwrapped open
149.126.72.220 447 tcp tcpwrapped open
149.126.72.220 448 tcp tcpwrapped open
149.126.72.220 449 tcp tcpwrapped open
149.126.72.220 452 tcp tcpwrapped open
149.126.72.220 461 tcp tcpwrapped open
149.126.72.220 462 tcp tcpwrapped open
149.126.72.220 480 tcp tcpwrapped open
149.126.72.220 485 tcp tcpwrapped open
149.126.72.220 487 tcp tcpwrapped open
149.126.72.220 488 tcp tcpwrapped open
149.126.72.220 491 tcp tcpwrapped open
149.126.72.220 520 tcp efs filtered
149.126.72.220 520 udp route unknown
149.126.72.220 555 tcp tcpwrapped open
149.126.72.220 556 tcp tcpwrapped open
149.126.72.220 587 tcp tcpwrapped open
149.126.72.220 631 tcp tcpwrapped open
149.126.72.220 632 tcp tcpwrapped open
149.126.72.220 636 tcp tcpwrapped open
149.126.72.220 743 tcp tcpwrapped open
149.126.72.220 772 tcp tcpwrapped open
149.126.72.220 777 tcp tcpwrapped open
149.126.72.220 782 tcp tcpwrapped open
149.126.72.220 785 tcp tcpwrapped open
149.126.72.220 800 tcp tcpwrapped open
149.126.72.220 801 tcp tcpwrapped open
149.126.72.220 805 tcp tcpwrapped open
149.126.72.220 806 tcp tcpwrapped open
149.126.72.220 809 tcp tcpwrapped open
149.126.72.220 843 tcp tcpwrapped open
149.126.72.220 853 tcp tcpwrapped open
149.126.72.220 885 tcp tcpwrapped open
149.126.72.220 886 tcp tcpwrapped open
149.126.72.220 887 tcp tcpwrapped open
149.126.72.220 888 tcp tcpwrapped open
149.126.72.220 943 tcp tcpwrapped open
149.126.72.220 947 tcp tcpwrapped open
149.126.72.220 953 tcp tcpwrapped open
149.126.72.220 990 tcp tcpwrapped open
149.126.72.220 995 tcp tcpwrapped open
149.126.72.220 998 tcp tcpwrapped open
149.126.72.220 999 tcp tcpwrapped open
149.126.72.220 1000 tcp tcpwrapped open
149.126.72.220 1002 tcp tcpwrapped open
149.126.72.220 1024 tcp tcpwrapped open
149.126.72.220 1025 tcp tcpwrapped open
149.126.72.220 1028 tcp tcpwrapped open
149.126.72.220 1080 tcp tcpwrapped open
149.126.72.220 1103 tcp tcpwrapped open
149.126.72.220 1111 tcp tcpwrapped open
149.126.72.220 1180 tcp tcpwrapped open
149.126.72.220 1181 tcp tcpwrapped open
149.126.72.220 1207 tcp tcpwrapped open
149.126.72.220 1234 tcp tcpwrapped open
149.126.72.220 1250 tcp tcpwrapped open
149.126.72.220 1283 tcp tcpwrapped open
149.126.72.220 1291 tcp tcpwrapped open
149.126.72.220 1292 tcp tcpwrapped open
149.126.72.220 1293 tcp tcpwrapped open
149.126.72.220 1337 tcp tcpwrapped open
149.126.72.220 1344 tcp tcpwrapped open
149.126.72.220 1355 tcp tcpwrapped open
149.126.72.220 1364 tcp tcpwrapped open
149.126.72.220 1366 tcp tcpwrapped open
149.126.72.220 1377 tcp tcpwrapped open
149.126.72.220 1387 tcp tcpwrapped open
149.126.72.220 1388 tcp tcpwrapped open
149.126.72.220 1433 tcp tcpwrapped open
149.126.72.220 1443 tcp tcpwrapped open
149.126.72.220 1447 tcp tcpwrapped open
149.126.72.220 1450 tcp tcpwrapped open
149.126.72.220 1451 tcp tcpwrapped open
149.126.72.220 1452 tcp tcpwrapped open
149.126.72.220 1453 tcp tcpwrapped open
149.126.72.220 1454 tcp tcpwrapped open
149.126.72.220 1455 tcp tcpwrapped open
149.126.72.220 1456 tcp tcpwrapped open
149.126.72.220 1457 tcp tcpwrapped open
149.126.72.220 1458 tcp tcpwrapped open
149.126.72.220 1459 tcp tcpwrapped open
149.126.72.220 1460 tcp tcpwrapped open
149.126.72.220 1494 tcp tcpwrapped open
149.126.72.220 1935 tcp tcpwrapped open
149.126.72.220 1950 tcp tcpwrapped open
149.126.72.220 1951 tcp tcpwrapped open
149.126.72.220 1952 tcp tcpwrapped open
149.126.72.220 1953 tcp tcpwrapped open
149.126.72.220 1954 tcp tcpwrapped open
149.126.72.220 1955 tcp tcpwrapped open
149.126.72.220 1956 tcp tcpwrapped open
149.126.72.220 1957 tcp tcpwrapped open
149.126.72.220 1958 tcp tcpwrapped open
149.126.72.220 1959 tcp tcpwrapped open
149.126.72.220 1960 tcp tcpwrapped open
149.126.72.220 1964 tcp tcpwrapped open
149.126.72.220 1965 tcp tcpwrapped open
149.126.72.220 1966 tcp tcpwrapped open
149.126.72.220 1967 tcp tcpwrapped open
149.126.72.220 1968 tcp tcpwrapped open
149.126.72.220 1969 tcp tcpwrapped open
149.126.72.220 1970 tcp tcpwrapped open
149.126.72.220 1971 tcp tcpwrapped open
149.126.72.220 1972 tcp tcpwrapped open
149.126.72.220 1973 tcp tcpwrapped open
149.126.72.220 1974 tcp tcpwrapped open
149.126.72.220 1975 tcp tcpwrapped open
149.126.72.220 1976 tcp tcpwrapped open
149.126.72.220 1977 tcp tcpwrapped open
149.126.72.220 1978 tcp tcpwrapped open
149.126.72.220 1979 tcp tcpwrapped open
149.126.72.220 1980 tcp tcpwrapped open
149.126.72.220 1981 tcp tcpwrapped open
149.126.72.220 1982 tcp tcpwrapped open
149.126.72.220 1983 tcp tcpwrapped open
149.126.72.220 1984 tcp tcpwrapped open
149.126.72.220 1985 tcp tcpwrapped open
149.126.72.220 1986 tcp tcpwrapped open
149.126.72.220 1987 tcp tcpwrapped open
149.126.72.220 1988 tcp tcpwrapped open
149.126.72.220 1989 tcp tcpwrapped open
149.126.72.220 2000 tcp tcpwrapped open
149.126.72.220 2001 tcp tcpwrapped open
149.126.72.220 2006 tcp tcpwrapped open
149.126.72.220 2012 tcp tcpwrapped open
149.126.72.220 2020 tcp tcpwrapped open
149.126.72.220 2048 tcp tcpwrapped open
149.126.72.220 2049 tcp http open Incapsula CDN httpd
149.126.72.220 2049 udp nfs unknown
149.126.72.220 2050 tcp tcpwrapped open
149.126.72.220 2051 tcp tcpwrapped open
149.126.72.220 2052 tcp tcpwrapped open
149.126.72.220 2053 tcp tcpwrapped open
149.126.72.220 2054 tcp tcpwrapped open
149.126.72.220 2055 tcp tcpwrapped open
149.126.72.220 2056 tcp tcpwrapped open
149.126.72.220 2057 tcp tcpwrapped open
149.126.72.220 2058 tcp tcpwrapped open
149.126.72.220 2059 tcp tcpwrapped open
149.126.72.220 2060 tcp tcpwrapped open
149.126.72.220 2061 tcp tcpwrapped open
149.126.72.220 2062 tcp tcpwrapped open
149.126.72.220 2063 tcp tcpwrapped open
149.126.72.220 2064 tcp tcpwrapped open
149.126.72.220 2065 tcp tcpwrapped open
149.126.72.220 2066 tcp tcpwrapped open
149.126.72.220 2067 tcp tcpwrapped open
149.126.72.220 2068 tcp tcpwrapped open
149.126.72.220 2069 tcp tcpwrapped open
149.126.72.220 2070 tcp tcpwrapped open
149.126.72.220 2072 tcp tcpwrapped open
149.126.72.220 2082 tcp tcpwrapped open
149.126.72.220 2083 tcp tcpwrapped open
149.126.72.220 2087 tcp tcpwrapped open
149.126.72.220 2096 tcp tcpwrapped open
149.126.72.220 2100 tcp tcpwrapped open
149.126.72.220 2108 tcp tcpwrapped open
149.126.72.220 2200 tcp tcpwrapped open
149.126.72.220 2209 tcp tcpwrapped open
149.126.72.220 2222 tcp tcpwrapped open
149.126.72.220 2226 tcp tcpwrapped open
149.126.72.220 2248 tcp tcpwrapped open
149.126.72.220 2344 tcp tcpwrapped open
149.126.72.220 2345 tcp tcpwrapped open
149.126.72.220 2353 tcp tcpwrapped open
149.126.72.220 2363 tcp tcpwrapped open
149.126.72.220 2423 tcp tcpwrapped open
149.126.72.220 2433 tcp tcpwrapped open
149.126.72.220 2435 tcp tcpwrapped open
149.126.72.220 2443 tcp tcpwrapped open
149.126.72.220 2453 tcp tcpwrapped open
149.126.72.220 2480 tcp tcpwrapped open
149.126.72.220 2548 tcp tcpwrapped open
149.126.72.220 2549 tcp tcpwrapped open
149.126.72.220 2550 tcp tcpwrapped open
149.126.72.220 2551 tcp tcpwrapped open
149.126.72.220 2552 tcp tcpwrapped open
149.126.72.220 2553 tcp tcpwrapped open
149.126.72.220 2554 tcp tcpwrapped open
149.126.72.220 2555 tcp tcpwrapped open
149.126.72.220 2556 tcp tcpwrapped open
149.126.72.220 2557 tcp tcpwrapped open
149.126.72.220 2558 tcp tcpwrapped open
149.126.72.220 2559 tcp tcpwrapped open
149.126.72.220 2560 tcp tcpwrapped open
149.126.72.220 2561 tcp tcpwrapped open
149.126.72.220 2562 tcp tcpwrapped open
149.126.72.220 2563 tcp tcpwrapped open
149.126.72.220 2566 tcp tcpwrapped open
149.126.72.220 2567 tcp tcpwrapped open
149.126.72.220 2568 tcp tcpwrapped open
149.126.72.220 2569 tcp tcpwrapped open
149.126.72.220 2570 tcp tcpwrapped open
149.126.72.220 2572 tcp tcpwrapped open
149.126.72.220 2598 tcp tcpwrapped open
149.126.72.220 2599 tcp tcpwrapped open
149.126.72.220 2850 tcp tcpwrapped open
149.126.72.220 2985 tcp tcpwrapped open
149.126.72.220 2995 tcp tcpwrapped open
149.126.72.220 3000 tcp tcpwrapped open
149.126.72.220 3001 tcp tcpwrapped open
149.126.72.220 3002 tcp tcpwrapped open
149.126.72.220 3003 tcp tcpwrapped open
149.126.72.220 3004 tcp tcpwrapped open
149.126.72.220 3005 tcp tcpwrapped open
149.126.72.220 3006 tcp tcpwrapped open
149.126.72.220 3007 tcp tcpwrapped open
149.126.72.220 3008 tcp tcpwrapped open
149.126.72.220 3009 tcp tcpwrapped open
149.126.72.220 3010 tcp tcpwrapped open
149.126.72.220 3011 tcp tcpwrapped open
149.126.72.220 3012 tcp tcpwrapped open
149.126.72.220 3013 tcp tcpwrapped open
149.126.72.220 3014 tcp tcpwrapped open
149.126.72.220 3015 tcp tcpwrapped open
149.126.72.220 3016 tcp tcpwrapped open
149.126.72.220 3017 tcp tcpwrapped open
149.126.72.220 3018 tcp tcpwrapped open
149.126.72.220 3019 tcp tcpwrapped open
149.126.72.220 3020 tcp tcpwrapped open
149.126.72.220 3021 tcp tcpwrapped open
149.126.72.220 3022 tcp tcpwrapped open
149.126.72.220 3030 tcp tcpwrapped open
149.126.72.220 3047 tcp tcpwrapped open
149.126.72.220 3048 tcp tcpwrapped open
149.126.72.220 3049 tcp tcpwrapped open
149.126.72.220 3050 tcp tcpwrapped open
149.126.72.220 3051 tcp tcpwrapped open
149.126.72.220 3052 tcp tcpwrapped open
149.126.72.220 3053 tcp tcpwrapped open
149.126.72.220 3054 tcp tcpwrapped open
149.126.72.220 3055 tcp tcpwrapped open
149.126.72.220 3056 tcp tcpwrapped open
149.126.72.220 3057 tcp tcpwrapped open
149.126.72.220 3058 tcp tcpwrapped open
149.126.72.220 3059 tcp tcpwrapped open
149.126.72.220 3060 tcp tcpwrapped open
149.126.72.220 3061 tcp tcpwrapped open
149.126.72.220 3062 tcp tcpwrapped open
149.126.72.220 3063 tcp tcpwrapped open
149.126.72.220 3064 tcp tcpwrapped open
149.126.72.220 3065 tcp tcpwrapped open
149.126.72.220 3066 tcp tcpwrapped open
149.126.72.220 3067 tcp tcpwrapped open
149.126.72.220 3068 tcp tcpwrapped open
149.126.72.220 3069 tcp tcpwrapped open
149.126.72.220 3070 tcp tcpwrapped open
149.126.72.220 3071 tcp tcpwrapped open
149.126.72.220 3072 tcp tcpwrapped open
149.126.72.220 3073 tcp tcpwrapped open
149.126.72.220 3074 tcp tcpwrapped open
149.126.72.220 3075 tcp tcpwrapped open
149.126.72.220 3076 tcp tcpwrapped open
149.126.72.220 3077 tcp tcpwrapped open
149.126.72.220 3078 tcp tcpwrapped open
149.126.72.220 3079 tcp tcpwrapped open
149.126.72.220 3080 tcp tcpwrapped open
149.126.72.220 3081 tcp tcpwrapped open
149.126.72.220 3082 tcp tcpwrapped open
149.126.72.220 3083 tcp tcpwrapped open
149.126.72.220 3084 tcp tcpwrapped open
149.126.72.220 3085 tcp tcpwrapped open
149.126.72.220 3086 tcp tcpwrapped open
149.126.72.220 3087 tcp tcpwrapped open
149.126.72.220 3088 tcp tcpwrapped open
149.126.72.220 3089 tcp tcpwrapped open
149.126.72.220 3090 tcp tcpwrapped open
149.126.72.220 3091 tcp tcpwrapped open
149.126.72.220 3092 tcp tcpwrapped open
149.126.72.220 3093 tcp tcpwrapped open
149.126.72.220 3094 tcp tcpwrapped open
149.126.72.220 3095 tcp tcpwrapped open
149.126.72.220 3096 tcp tcpwrapped open
149.126.72.220 3097 tcp tcpwrapped open
149.126.72.220 3098 tcp tcpwrapped open
149.126.72.220 3099 tcp tcpwrapped open
149.126.72.220 3100 tcp tcpwrapped open
149.126.72.220 3101 tcp tcpwrapped open
149.126.72.220 3102 tcp tcpwrapped open
149.126.72.220 3103 tcp tcpwrapped open
149.126.72.220 3104 tcp tcpwrapped open
149.126.72.220 3105 tcp tcpwrapped open
149.126.72.220 3106 tcp tcpwrapped open
149.126.72.220 3107 tcp tcpwrapped open
149.126.72.220 3108 tcp tcpwrapped open
149.126.72.220 3109 tcp tcpwrapped open
149.126.72.220 3110 tcp tcpwrapped open
149.126.72.220 3111 tcp tcpwrapped open
149.126.72.220 3112 tcp tcpwrapped open
149.126.72.220 3113 tcp tcpwrapped open
149.126.72.220 3114 tcp tcpwrapped open
149.126.72.220 3115 tcp tcpwrapped open
149.126.72.220 3116 tcp tcpwrapped open
149.126.72.220 3117 tcp tcpwrapped open
149.126.72.220 3118 tcp tcpwrapped open
149.126.72.220 3119 tcp tcpwrapped open
149.126.72.220 3120 tcp tcpwrapped open
149.126.72.220 3121 tcp tcpwrapped open
149.126.72.220 3150 tcp tcpwrapped open
149.126.72.220 3155 tcp tcpwrapped open
149.126.72.220 3160 tcp tcpwrapped open
149.126.72.220 3165 tcp tcpwrapped open
149.126.72.220 3270 tcp tcpwrapped open
149.126.72.220 3299 tcp tcpwrapped open
149.126.72.220 3306 tcp tcpwrapped open
149.126.72.220 3333 tcp tcpwrapped open
149.126.72.220 3389 tcp tcpwrapped open
149.126.72.220 3391 tcp tcpwrapped open
149.126.72.220 3400 tcp tcpwrapped open
149.126.72.220 3401 tcp tcpwrapped open
149.126.72.220 3402 tcp tcpwrapped open
149.126.72.220 3403 tcp tcpwrapped open
149.126.72.220 3404 tcp tcpwrapped open
149.126.72.220 3405 tcp tcpwrapped open
149.126.72.220 3406 tcp tcpwrapped open
149.126.72.220 3407 tcp tcpwrapped open
149.126.72.220 3408 tcp tcpwrapped open
149.126.72.220 3409 tcp tcpwrapped open
149.126.72.220 3410 tcp tcpwrapped open
149.126.72.220 3412 tcp tcpwrapped open
149.126.72.220 3443 tcp tcpwrapped open
149.126.72.220 3500 tcp tcpwrapped open
149.126.72.220 3510 tcp tcpwrapped open
149.126.72.220 3521 tcp tcpwrapped open
149.126.72.220 3522 tcp tcpwrapped open
149.126.72.220 3523 tcp tcpwrapped open
149.126.72.220 3524 tcp tcpwrapped open
149.126.72.220 3530 tcp tcpwrapped open
149.126.72.220 3531 tcp tcpwrapped open
149.126.72.220 3540 tcp tcpwrapped open
149.126.72.220 3548 tcp tcpwrapped open
149.126.72.220 3549 tcp tcpwrapped open
149.126.72.220 3550 tcp tcpwrapped open
149.126.72.220 3551 tcp tcpwrapped open
149.126.72.220 3552 tcp tcpwrapped open
149.126.72.220 3553 tcp tcpwrapped open
149.126.72.220 3554 tcp tcpwrapped open
149.126.72.220 3555 tcp tcpwrapped open
149.126.72.220 3556 tcp tcpwrapped open
149.126.72.220 3557 tcp tcpwrapped open
149.126.72.220 3558 tcp tcpwrapped open
149.126.72.220 3559 tcp tcpwrapped open
149.126.72.220 3560 tcp tcpwrapped open
149.126.72.220 3561 tcp tcpwrapped open
149.126.72.220 3562 tcp tcpwrapped open
149.126.72.220 3563 tcp tcpwrapped open
149.126.72.220 3566 tcp tcpwrapped open
149.126.72.220 3567 tcp tcpwrapped open
149.126.72.220 3568 tcp tcpwrapped open
149.126.72.220 3569 tcp tcpwrapped open
149.126.72.220 3570 tcp tcpwrapped open
149.126.72.220 3572 tcp tcpwrapped open
149.126.72.220 3580 tcp tcpwrapped open
149.126.72.220 3590 tcp tcpwrapped open
149.126.72.220 3790 tcp tcpwrapped open
149.126.72.220 3791 tcp tcpwrapped open
149.126.72.220 3792 tcp tcpwrapped open
149.126.72.220 3793 tcp tcpwrapped open
149.126.72.220 3794 tcp tcpwrapped open
149.126.72.220 3838 tcp tcpwrapped open
149.126.72.220 3841 tcp tcpwrapped open
149.126.72.220 3842 tcp tcpwrapped open
149.126.72.220 3950 tcp tcpwrapped open
149.126.72.220 3951 tcp tcpwrapped open
149.126.72.220 3952 tcp tcpwrapped open
149.126.72.220 3953 tcp tcpwrapped open
149.126.72.220 3954 tcp adrep open
149.126.72.220 4000 tcp tcpwrapped open
149.126.72.220 4001 tcp newoak open
149.126.72.220 4002 tcp mlchat-proxy open
149.126.72.220 4021 tcp nexus-portal open
149.126.72.220 4022 tcp dnox open
149.126.72.220 4023 tcp esnm-zoning open
149.126.72.220 4043 tcp nirp open
149.126.72.220 4072 tcp zieto-sock open
149.126.72.220 4080 tcp lorica-in open
149.126.72.220 4085 tcp ezmessagesrv open
149.126.72.220 4120 tcp minirem open
149.126.72.220 4147 tcp vrxpservman open
149.126.72.220 4148 tcp hhb-handheld open
149.126.72.220 4150 tcp poweralert-nsa open
149.126.72.220 4155 tcp bzr open
149.126.72.220 4160 tcp jini-discovery open
149.126.72.220 4165 tcp altcp open
149.126.72.220 4172 tcp pcoip open
149.126.72.220 4243 tcp vrml-multi-use open
149.126.72.220 4244 tcp vrml-multi-use open
149.126.72.220 4250 tcp vrml-multi-use open
149.126.72.220 4300 tcp corelccam open
149.126.72.220 4333 tcp msql open
149.126.72.220 4343 tcp unicall open
149.126.72.220 4344 tcp vinainstall open
149.126.72.220 4400 tcp ds-srv open
149.126.72.220 4401 tcp tcpwrapped open
149.126.72.220 4402 tcp tcpwrapped open
149.126.72.220 4430 tcp tcpwrapped open
149.126.72.220 4431 tcp tcpwrapped open
149.126.72.220 4432 tcp tcpwrapped open
3807149.126.72.220 4434 tcp tcpwrapped open
3808149.126.72.220 4435 tcp tcpwrapped open
3809149.126.72.220 4436 tcp tcpwrapped open
3810149.126.72.220 4437 tcp tcpwrapped open
3811149.126.72.220 4439 tcp tcpwrapped open
3812149.126.72.220 4440 tcp tcpwrapped open
3813149.126.72.220 4443 tcp tcpwrapped open
3814149.126.72.220 4444 tcp tcpwrapped open
3815149.126.72.220 4445 tcp tcpwrapped open
3816149.126.72.220 4451 tcp tcpwrapped open
3817149.126.72.220 4455 tcp tcpwrapped open
3818149.126.72.220 4457 tcp tcpwrapped open
3819149.126.72.220 4459 tcp tcpwrapped open
3820149.126.72.220 4461 tcp tcpwrapped open
3821149.126.72.220 4463 tcp tcpwrapped open
3822149.126.72.220 4477 tcp tcpwrapped open
3823149.126.72.220 4482 tcp tcpwrapped open
3824149.126.72.220 4500 tcp tcpwrapped open
3825149.126.72.220 4502 tcp tcpwrapped open
3826149.126.72.220 4505 tcp tcpwrapped open
3827149.126.72.220 4572 tcp tcpwrapped open
3828149.126.72.220 4602 tcp tcpwrapped open
3829149.126.72.220 4620 tcp tcpwrapped open
3830149.126.72.220 4643 tcp tcpwrapped open
3831149.126.72.220 4848 tcp tcpwrapped open
3832149.126.72.220 4933 tcp tcpwrapped open
3833149.126.72.220 4993 tcp tcpwrapped open
3834149.126.72.220 5000 tcp tcpwrapped open
3835149.126.72.220 5001 tcp tcpwrapped open
3836149.126.72.220 5002 tcp tcpwrapped open
3837149.126.72.220 5003 tcp tcpwrapped open
3838149.126.72.220 5004 tcp tcpwrapped open
3839149.126.72.220 5005 tcp tcpwrapped open
3840149.126.72.220 5006 tcp tcpwrapped open
3841149.126.72.220 5007 tcp tcpwrapped open
3842149.126.72.220 5008 tcp tcpwrapped open
3843149.126.72.220 5009 tcp tcpwrapped open
3844149.126.72.220 5010 tcp tcpwrapped open
3845149.126.72.220 5011 tcp tcpwrapped open
3846149.126.72.220 5022 tcp tcpwrapped open
3847149.126.72.220 5050 tcp tcpwrapped open
3848149.126.72.220 5053 tcp tcpwrapped open
3849149.126.72.220 5060 tcp tcpwrapped open
3850149.126.72.220 5061 tcp tcpwrapped open
3851149.126.72.220 5080 tcp tcpwrapped open
3852149.126.72.220 5083 tcp tcpwrapped open
3853149.126.72.220 5089 tcp tcpwrapped open
3854149.126.72.220 5090 tcp tcpwrapped open
3855149.126.72.220 5100 tcp tcpwrapped open
3856149.126.72.220 5105 tcp tcpwrapped open
3857149.126.72.220 5119 tcp tcpwrapped open
3858149.126.72.220 5120 tcp tcpwrapped open
3859149.126.72.220 5130 tcp tcpwrapped open
3860149.126.72.220 5140 tcp tcpwrapped open
3861149.126.72.220 5150 tcp tcpwrapped open
3862149.126.72.220 5160 tcp tcpwrapped open
3863149.126.72.220 5180 tcp tcpwrapped open
3864149.126.72.220 5201 tcp tcpwrapped open
3865149.126.72.220 5222 tcp tcpwrapped open
3866149.126.72.220 5223 tcp tcpwrapped open
3867149.126.72.220 5224 tcp tcpwrapped open
3868149.126.72.220 5225 tcp tcpwrapped open
3869149.126.72.220 5226 tcp tcpwrapped open
3870149.126.72.220 5227 tcp tcpwrapped open
3871149.126.72.220 5228 tcp tcpwrapped open
3872149.126.72.220 5229 tcp tcpwrapped open
3873149.126.72.220 5230 tcp tcpwrapped open
3874149.126.72.220 5231 tcp tcpwrapped open
3875149.126.72.220 5232 tcp tcpwrapped open
3876149.126.72.220 5233 tcp tcpwrapped open
3877149.126.72.220 5234 tcp tcpwrapped open
3878149.126.72.220 5235 tcp tcpwrapped open
3879149.126.72.220 5236 tcp tcpwrapped open
3880149.126.72.220 5237 tcp tcpwrapped open
3881149.126.72.220 5238 tcp tcpwrapped open
3882149.126.72.220 5239 tcp tcpwrapped open
3883149.126.72.220 5240 tcp tcpwrapped open
3884149.126.72.220 5241 tcp tcpwrapped open
3885149.126.72.220 5242 tcp tcpwrapped open
3886149.126.72.220 5243 tcp tcpwrapped open
3887149.126.72.220 5244 tcp tcpwrapped open
3888149.126.72.220 5245 tcp tcpwrapped open
3889149.126.72.220 5246 tcp tcpwrapped open
3890149.126.72.220 5247 tcp tcpwrapped open
3891149.126.72.220 5248 tcp tcpwrapped open
3892149.126.72.220 5249 tcp tcpwrapped open
3893149.126.72.220 5250 tcp tcpwrapped open
3894149.126.72.220 5251 tcp tcpwrapped open
3895149.126.72.220 5252 tcp tcpwrapped open
3896149.126.72.220 5253 tcp tcpwrapped open
3897149.126.72.220 5254 tcp tcpwrapped open
3898149.126.72.220 5255 tcp tcpwrapped open
3899149.126.72.220 5256 tcp tcpwrapped open
3900149.126.72.220 5257 tcp tcpwrapped open
3901149.126.72.220 5258 tcp tcpwrapped open
3902149.126.72.220 5259 tcp tcpwrapped open
3903149.126.72.220 5260 tcp tcpwrapped open
3904149.126.72.220 5261 tcp tcpwrapped open
3905149.126.72.220 5262 tcp tcpwrapped open
3906149.126.72.220 5263 tcp tcpwrapped open
3907149.126.72.220 5264 tcp tcpwrapped open
3908149.126.72.220 5265 tcp tcpwrapped open
3909149.126.72.220 5266 tcp tcpwrapped open
3910149.126.72.220 5267 tcp tcpwrapped open
3911149.126.72.220 5268 tcp tcpwrapped open
3912149.126.72.220 5269 tcp tcpwrapped open
3913149.126.72.220 5270 tcp tcpwrapped open
3914149.126.72.220 5271 tcp tcpwrapped open
3915149.126.72.220 5272 tcp tcpwrapped open
3916149.126.72.220 5273 tcp tcpwrapped open
3917149.126.72.220 5274 tcp tcpwrapped open
3918149.126.72.220 5275 tcp tcpwrapped open
3919149.126.72.220 5276 tcp tcpwrapped open
3920149.126.72.220 5277 tcp tcpwrapped open
3921149.126.72.220 5278 tcp tcpwrapped open
3922149.126.72.220 5279 tcp tcpwrapped open
3923149.126.72.220 5280 tcp tcpwrapped open
3924149.126.72.220 5440 tcp tcpwrapped open
3925149.126.72.220 5443 tcp tcpwrapped open
3926149.126.72.220 5456 tcp tcpwrapped open
3927149.126.72.220 5494 tcp tcpwrapped open
3928149.126.72.220 5495 tcp tcpwrapped open
3929149.126.72.220 5500 tcp tcpwrapped open
3930149.126.72.220 5503 tcp tcpwrapped open
3931149.126.72.220 5552 tcp tcpwrapped open
3932149.126.72.220 5555 tcp tcpwrapped open
3933149.126.72.220 5556 tcp tcpwrapped open
3934149.126.72.220 5557 tcp tcpwrapped open
3935149.126.72.220 5567 tcp tcpwrapped open
3936149.126.72.220 5568 tcp tcpwrapped open
3937149.126.72.220 5569 tcp tcpwrapped open
3938149.126.72.220 5590 tcp tcpwrapped open
3939149.126.72.220 5591 tcp tcpwrapped open
3940149.126.72.220 5592 tcp tcpwrapped open
3941149.126.72.220 5593 tcp tcpwrapped open
3942149.126.72.220 5594 tcp tcpwrapped open
3943149.126.72.220 5595 tcp tcpwrapped open
3944149.126.72.220 5596 tcp tcpwrapped open
3945149.126.72.220 5597 tcp tcpwrapped open
3946149.126.72.220 5598 tcp tcpwrapped open
3947149.126.72.220 5599 tcp tcpwrapped open
3948149.126.72.220 5600 tcp tcpwrapped open
3949149.126.72.220 5601 tcp tcpwrapped open
3950149.126.72.220 5602 tcp tcpwrapped open
3951149.126.72.220 5603 tcp tcpwrapped open
3952149.126.72.220 5604 tcp tcpwrapped open
3953149.126.72.220 5605 tcp tcpwrapped open
3954149.126.72.220 5606 tcp tcpwrapped open
3955149.126.72.220 5607 tcp tcpwrapped open
3956149.126.72.220 5608 tcp tcpwrapped open
3957149.126.72.220 5609 tcp tcpwrapped open
3958149.126.72.220 5613 tcp tcpwrapped open
3959149.126.72.220 5614 tcp tcpwrapped open
3960149.126.72.220 5620 tcp tcpwrapped open
3961149.126.72.220 5630 tcp tcpwrapped open
3962149.126.72.220 5640 tcp tcpwrapped open
3963149.126.72.220 5650 tcp tcpwrapped open
3964149.126.72.220 5660 tcp tcpwrapped open
3965149.126.72.220 5671 tcp tcpwrapped open
3966149.126.72.220 5672 tcp tcpwrapped open
3967149.126.72.220 5673 tcp tcpwrapped open
3968149.126.72.220 5680 tcp tcpwrapped open
3969149.126.72.220 5696 tcp tcpwrapped open
3970149.126.72.220 5698 tcp tcpwrapped open
3971149.126.72.220 5701 tcp tcpwrapped open
3972149.126.72.220 5721 tcp tcpwrapped open
3973149.126.72.220 5900 tcp tcpwrapped open
3974149.126.72.220 5901 tcp tcpwrapped open
3975149.126.72.220 5902 tcp tcpwrapped open
3976149.126.72.220 5903 tcp tcpwrapped open
3977149.126.72.220 5904 tcp tcpwrapped open
3978149.126.72.220 5905 tcp tcpwrapped open
3979149.126.72.220 5906 tcp tcpwrapped open
3980149.126.72.220 5907 tcp tcpwrapped open
3981149.126.72.220 5908 tcp tcpwrapped open
3982149.126.72.220 5909 tcp tcpwrapped open
3983149.126.72.220 5910 tcp tcpwrapped open
3984149.126.72.220 5911 tcp tcpwrapped open
3985149.126.72.220 5912 tcp tcpwrapped open
3986149.126.72.220 5913 tcp tcpwrapped open
3987149.126.72.220 5914 tcp tcpwrapped open
3988149.126.72.220 5915 tcp tcpwrapped open
3989149.126.72.220 5916 tcp tcpwrapped open
3990149.126.72.220 5917 tcp tcpwrapped open
3991149.126.72.220 5918 tcp tcpwrapped open
3992149.126.72.220 5919 tcp tcpwrapped open
3993149.126.72.220 5920 tcp tcpwrapped open
3994149.126.72.220 5984 tcp tcpwrapped open
3995149.126.72.220 5985 tcp tcpwrapped open
3996149.126.72.220 5986 tcp tcpwrapped open
3997149.126.72.220 5987 tcp tcpwrapped open
3998149.126.72.220 5988 tcp tcpwrapped open
3999149.126.72.220 5989 tcp tcpwrapped open
4000149.126.72.220 5990 tcp tcpwrapped open
4001149.126.72.220 5991 tcp tcpwrapped open
4002149.126.72.220 5992 tcp tcpwrapped open
4003149.126.72.220 5993 tcp tcpwrapped open
4004149.126.72.220 5994 tcp tcpwrapped open
4005149.126.72.220 5995 tcp tcpwrapped open
4006149.126.72.220 5996 tcp tcpwrapped open
4007149.126.72.220 5997 tcp tcpwrapped open
4008149.126.72.220 5998 tcp tcpwrapped open
4009149.126.72.220 5999 tcp tcpwrapped open
4010149.126.72.220 6000 tcp tcpwrapped open
4011149.126.72.220 6001 tcp tcpwrapped open
4012149.126.72.220 6002 tcp tcpwrapped open
4013149.126.72.220 6003 tcp tcpwrapped open
4014149.126.72.220 6004 tcp tcpwrapped open
4015149.126.72.220 6005 tcp tcpwrapped open
4016149.126.72.220 6006 tcp tcpwrapped open
4017149.126.72.220 6007 tcp tcpwrapped open
4018149.126.72.220 6008 tcp tcpwrapped open
4019149.126.72.220 6009 tcp tcpwrapped open
4020149.126.72.220 6010 tcp tcpwrapped open
4021149.126.72.220 6011 tcp tcpwrapped open
4022149.126.72.220 6021 tcp tcpwrapped open
4023149.126.72.220 6060 tcp tcpwrapped open
4024149.126.72.220 6061 tcp tcpwrapped open
4025149.126.72.220 6081 tcp tcpwrapped open
4026149.126.72.220 6100 tcp tcpwrapped open
4027149.126.72.220 6102 tcp tcpwrapped open
4028149.126.72.220 6134 tcp tcpwrapped open
4029149.126.72.220 6161 tcp tcpwrapped open
4030149.126.72.220 6331 tcp tcpwrapped open
4031149.126.72.220 6348 tcp tcpwrapped open
4032149.126.72.220 6379 tcp tcpwrapped open
4033149.126.72.220 6380 tcp tcpwrapped open
4034149.126.72.220 6433 tcp tcpwrapped open
4035149.126.72.220 6440 tcp tcpwrapped open
4036149.126.72.220 6443 tcp tcpwrapped open
4037149.126.72.220 6488 tcp tcpwrapped open
4038149.126.72.220 6500 tcp tcpwrapped open
4039149.126.72.220 6505 tcp tcpwrapped open
4040149.126.72.220 6510 tcp tcpwrapped open
4041149.126.72.220 6511 tcp tcpwrapped open
4042149.126.72.220 6512 tcp tcpwrapped open
4043149.126.72.220 6514 tcp tcpwrapped open
4044149.126.72.220 6543 tcp tcpwrapped open
4045149.126.72.220 6544 tcp tcpwrapped open
4046149.126.72.220 6560 tcp tcpwrapped open
4047149.126.72.220 6561 tcp tcpwrapped open
4048149.126.72.220 6565 tcp tcpwrapped open
4049149.126.72.220 6580 tcp tcpwrapped open
4050149.126.72.220 6581 tcp tcpwrapped open
4051149.126.72.220 6590 tcp tcpwrapped open
4052149.126.72.220 6601 tcp tcpwrapped open
4053149.126.72.220 6603 tcp tcpwrapped open
4054149.126.72.220 6605 tcp tcpwrapped open
4055149.126.72.220 6661 tcp tcpwrapped open
4056149.126.72.220 6662 tcp tcpwrapped open
4057149.126.72.220 6666 tcp tcpwrapped open
4058149.126.72.220 6686 tcp tcpwrapped open
4059149.126.72.220 6688 tcp tcpwrapped open
4060149.126.72.220 6700 tcp tcpwrapped open
4061149.126.72.220 6755 tcp tcpwrapped open
4062149.126.72.220 6775 tcp tcpwrapped open
4063149.126.72.220 6779 tcp tcpwrapped open
4064149.126.72.220 6789 tcp tcpwrapped open
4065149.126.72.220 6799 tcp tcpwrapped open
4066149.126.72.220 7000 tcp tcpwrapped open
4067149.126.72.220 7001 tcp tcpwrapped open
4068149.126.72.220 7002 tcp tcpwrapped open
4069149.126.72.220 7003 tcp tcpwrapped open
4070149.126.72.220 7004 tcp tcpwrapped open
4071149.126.72.220 7005 tcp tcpwrapped open
4072149.126.72.220 7007 tcp tcpwrapped open
4073149.126.72.220 7010 tcp tcpwrapped open
4074149.126.72.220 7011 tcp tcpwrapped open
4075149.126.72.220 7021 tcp tcpwrapped open
4076149.126.72.220 7070 tcp tcpwrapped open
4077149.126.72.220 7071 tcp tcpwrapped open
4078149.126.72.220 7079 tcp tcpwrapped open
4079149.126.72.220 7080 tcp tcpwrapped open
4080149.126.72.220 7081 tcp tcpwrapped open
4081149.126.72.220 7082 tcp tcpwrapped open
4082149.126.72.220 7083 tcp tcpwrapped open
4083149.126.72.220 7084 tcp tcpwrapped open
4084149.126.72.220 7085 tcp tcpwrapped open
4085149.126.72.220 7086 tcp tcpwrapped open
4086149.126.72.220 7087 tcp tcpwrapped open
4087149.126.72.220 7088 tcp tcpwrapped open
4088149.126.72.220 7090 tcp tcpwrapped open
4089149.126.72.220 7171 tcp tcpwrapped open
4090149.126.72.220 7172 tcp tcpwrapped open
4091149.126.72.220 7272 tcp tcpwrapped open
4092149.126.72.220 7348 tcp tcpwrapped open
4093149.126.72.220 7403 tcp tcpwrapped open
4094149.126.72.220 7433 tcp tcpwrapped open
4095149.126.72.220 7441 tcp tcpwrapped open
4096149.126.72.220 7443 tcp tcpwrapped open
4097149.126.72.220 7444 tcp tcpwrapped open
4098149.126.72.220 7445 tcp tcpwrapped open
4099149.126.72.220 7473 tcp tcpwrapped open
4100149.126.72.220 7500 tcp tcpwrapped open
4101149.126.72.220 7537 tcp tcpwrapped open
4102149.126.72.220 7687 tcp tcpwrapped open
4103149.126.72.220 7700 tcp tcpwrapped open
4104149.126.72.220 7771 tcp tcpwrapped open
4105149.126.72.220 7773 tcp tcpwrapped open
4106149.126.72.220 7774 tcp tcpwrapped open
4107149.126.72.220 7775 tcp tcpwrapped open
4108149.126.72.220 7776 tcp tcpwrapped open
4109149.126.72.220 7777 tcp tcpwrapped open
4110149.126.72.220 7778 tcp tcpwrapped open
4111149.126.72.220 7779 tcp tcpwrapped open
4112149.126.72.220 7788 tcp tcpwrapped open
4113149.126.72.220 7799 tcp tcpwrapped open
4114149.126.72.220 7998 tcp tcpwrapped open
4115149.126.72.220 7999 tcp tcpwrapped open
4116149.126.72.220 8000 tcp tcpwrapped open
4117149.126.72.220 8001 tcp tcpwrapped open
4118149.126.72.220 8002 tcp tcpwrapped open
4119149.126.72.220 8003 tcp tcpwrapped open
4120149.126.72.220 8004 tcp tcpwrapped open
4121149.126.72.220 8005 tcp tcpwrapped open
4122149.126.72.220 8006 tcp tcpwrapped open
4123149.126.72.220 8007 tcp tcpwrapped open
4124149.126.72.220 8008 tcp tcpwrapped open
4125149.126.72.220 8009 tcp tcpwrapped open
4126149.126.72.220 8010 tcp tcpwrapped open
4127149.126.72.220 8011 tcp tcpwrapped open
4128149.126.72.220 8012 tcp tcpwrapped open
4129149.126.72.220 8013 tcp tcpwrapped open
4130149.126.72.220 8014 tcp tcpwrapped open
4131149.126.72.220 8015 tcp tcpwrapped open
4132149.126.72.220 8016 tcp tcpwrapped open
4133149.126.72.220 8017 tcp tcpwrapped open
4134149.126.72.220 8018 tcp tcpwrapped open
4135149.126.72.220 8019 tcp tcpwrapped open
4136149.126.72.220 8020 tcp tcpwrapped open
4137149.126.72.220 8021 tcp tcpwrapped open
4138149.126.72.220 8022 tcp tcpwrapped open
4139149.126.72.220 8023 tcp tcpwrapped open
4140149.126.72.220 8024 tcp tcpwrapped open
4141149.126.72.220 8025 tcp tcpwrapped open
4142149.126.72.220 8026 tcp tcpwrapped open
4143149.126.72.220 8027 tcp tcpwrapped open
4144149.126.72.220 8028 tcp tcpwrapped open
4145149.126.72.220 8029 tcp tcpwrapped open
4146149.126.72.220 8030 tcp tcpwrapped open
4147149.126.72.220 8031 tcp tcpwrapped open
4148149.126.72.220 8032 tcp tcpwrapped open
4149149.126.72.220 8033 tcp tcpwrapped open
4150149.126.72.220 8034 tcp tcpwrapped open
4151149.126.72.220 8035 tcp tcpwrapped open
4152149.126.72.220 8036 tcp tcpwrapped open
4153149.126.72.220 8037 tcp tcpwrapped open
4154149.126.72.220 8038 tcp tcpwrapped open
4155149.126.72.220 8039 tcp tcpwrapped open
4156149.126.72.220 8040 tcp tcpwrapped open
4157149.126.72.220 8041 tcp tcpwrapped open
4158149.126.72.220 8042 tcp tcpwrapped open
4159149.126.72.220 8043 tcp tcpwrapped open
4160149.126.72.220 8044 tcp tcpwrapped open
4161149.126.72.220 8045 tcp tcpwrapped open
4162149.126.72.220 8046 tcp tcpwrapped open
4163149.126.72.220 8047 tcp tcpwrapped open
4164149.126.72.220 8048 tcp tcpwrapped open
4165149.126.72.220 8049 tcp tcpwrapped open
4166149.126.72.220 8050 tcp tcpwrapped open
4167149.126.72.220 8051 tcp tcpwrapped open
4168149.126.72.220 8052 tcp tcpwrapped open
4169149.126.72.220 8053 tcp tcpwrapped open
4170149.126.72.220 8054 tcp tcpwrapped open
4171149.126.72.220 8055 tcp tcpwrapped open
4172149.126.72.220 8056 tcp tcpwrapped open
4173149.126.72.220 8057 tcp tcpwrapped open
4174149.126.72.220 8058 tcp tcpwrapped open
4175149.126.72.220 8060 tcp tcpwrapped open
4176149.126.72.220 8064 tcp tcpwrapped open
4177149.126.72.220 8065 tcp tcpwrapped open
4178149.126.72.220 8069 tcp tcpwrapped open
4179149.126.72.220 8070 tcp tcpwrapped open
4180149.126.72.220 8071 tcp tcpwrapped open
4181149.126.72.220 8072 tcp tcpwrapped open
4182149.126.72.220 8074 tcp tcpwrapped open
4183149.126.72.220 8079 tcp tcpwrapped open
4184149.126.72.220 8080 tcp tcpwrapped open
4185149.126.72.220 8081 tcp tcpwrapped open
4186149.126.72.220 8082 tcp tcpwrapped open
4187149.126.72.220 8083 tcp tcpwrapped open
4188149.126.72.220 8084 tcp tcpwrapped open
4189149.126.72.220 8085 tcp tcpwrapped open
4190149.126.72.220 8086 tcp tcpwrapped open
4191149.126.72.220 8087 tcp tcpwrapped open
4192149.126.72.220 8088 tcp tcpwrapped open
4193149.126.72.220 8089 tcp tcpwrapped open
4194149.126.72.220 8090 tcp tcpwrapped open
4195149.126.72.220 8091 tcp tcpwrapped open
4196149.126.72.220 8092 tcp tcpwrapped open
4197149.126.72.220 8093 tcp tcpwrapped open
4198149.126.72.220 8094 tcp tcpwrapped open
4199149.126.72.220 8095 tcp tcpwrapped open
4200149.126.72.220 8096 tcp tcpwrapped open
4201149.126.72.220 8097 tcp tcpwrapped open
4202149.126.72.220 8098 tcp tcpwrapped open
4203149.126.72.220 8099 tcp tcpwrapped open
4204149.126.72.220 8100 tcp tcpwrapped open
4205149.126.72.220 8101 tcp tcpwrapped open
4206149.126.72.220 8102 tcp tcpwrapped open
4207149.126.72.220 8103 tcp tcpwrapped open
4208149.126.72.220 8104 tcp tcpwrapped open
4209149.126.72.220 8105 tcp tcpwrapped open
4210149.126.72.220 8106 tcp tcpwrapped open
4211149.126.72.220 8107 tcp tcpwrapped open
4212149.126.72.220 8108 tcp tcpwrapped open
4213149.126.72.220 8109 tcp tcpwrapped open
4214149.126.72.220 8110 tcp tcpwrapped open
4215149.126.72.220 8113 tcp tcpwrapped open
4216149.126.72.220 8114 tcp tcpwrapped open
4217149.126.72.220 8115 tcp tcpwrapped open
4218149.126.72.220 8118 tcp tcpwrapped open
4219149.126.72.220 8119 tcp tcpwrapped open
4220149.126.72.220 8120 tcp tcpwrapped open
4221149.126.72.220 8121 tcp tcpwrapped open
4222149.126.72.220 8123 tcp tcpwrapped open
4223149.126.72.220 8125 tcp tcpwrapped open
4224149.126.72.220 8126 tcp tcpwrapped open
4225149.126.72.220 8128 tcp tcpwrapped open
4226149.126.72.220 8129 tcp tcpwrapped open
4227149.126.72.220 8130 tcp tcpwrapped open
4228149.126.72.220 8131 tcp tcpwrapped open
4229149.126.72.220 8132 tcp tcpwrapped open
4230149.126.72.220 8133 tcp tcpwrapped open
4231149.126.72.220 8136 tcp tcpwrapped open
4232149.126.72.220 8140 tcp tcpwrapped open
4233149.126.72.220 8142 tcp tcpwrapped open
4234149.126.72.220 8143 tcp tcpwrapped open
4235149.126.72.220 8144 tcp tcpwrapped open
4236149.126.72.220 8147 tcp tcpwrapped open
4237149.126.72.220 8148 tcp tcpwrapped open
4238149.126.72.220 8149 tcp tcpwrapped open
4239149.126.72.220 8150 tcp tcpwrapped open
4240149.126.72.220 8154 tcp tcpwrapped open
4241149.126.72.220 8156 tcp tcpwrapped open
4242149.126.72.220 8157 tcp tcpwrapped open
4243149.126.72.220 8158 tcp tcpwrapped open
4244149.126.72.220 8160 tcp tcpwrapped open
4245149.126.72.220 8161 tcp tcpwrapped open
4246149.126.72.220 8162 tcp tcpwrapped open
4247149.126.72.220 8163 tcp tcpwrapped open
4248149.126.72.220 8164 tcp tcpwrapped open
4249149.126.72.220 8165 tcp tcpwrapped open
4250149.126.72.220 8166 tcp tcpwrapped open
4251149.126.72.220 8167 tcp tcpwrapped open
4252149.126.72.220 8168 tcp tcpwrapped open
4253149.126.72.220 8169 tcp tcpwrapped open
4254149.126.72.220 8170 tcp tcpwrapped open
4255149.126.72.220 8171 tcp tcpwrapped open
4256149.126.72.220 8172 tcp tcpwrapped open
4257149.126.72.220 8173 tcp tcpwrapped open
4258149.126.72.220 8175 tcp tcpwrapped open
4259149.126.72.220 8176 tcp tcpwrapped open
4260149.126.72.220 8178 tcp tcpwrapped open
4261149.126.72.220 8179 tcp tcpwrapped open
4262149.126.72.220 8180 tcp tcpwrapped open
4263149.126.72.220 8181 tcp tcpwrapped open
4264149.126.72.220 8182 tcp tcpwrapped open
4265149.126.72.220 8183 tcp tcpwrapped open
4266149.126.72.220 8184 tcp tcpwrapped open
4267149.126.72.220 8185 tcp tcpwrapped open
4268149.126.72.220 8186 tcp tcpwrapped open
4269149.126.72.220 8187 tcp tcpwrapped open
4270149.126.72.220 8188 tcp tcpwrapped open
4271149.126.72.220 8189 tcp tcpwrapped open
4272149.126.72.220 8190 tcp tcpwrapped open
4273149.126.72.220 8191 tcp tcpwrapped open
4274149.126.72.220 8192 tcp tcpwrapped open
4275149.126.72.220 8193 tcp tcpwrapped open
4276149.126.72.220 8194 tcp tcpwrapped open
4277149.126.72.220 8195 tcp tcpwrapped open
4278149.126.72.220 8198 tcp tcpwrapped open
4279149.126.72.220 8199 tcp tcpwrapped open
4280149.126.72.220 8200 tcp tcpwrapped open
4281149.126.72.220 8203 tcp tcpwrapped open
4282149.126.72.220 8222 tcp tcpwrapped open
4283149.126.72.220 8230 tcp tcpwrapped open
4284149.126.72.220 8236 tcp tcpwrapped open
4285149.126.72.220 8237 tcp tcpwrapped open
4286149.126.72.220 8238 tcp tcpwrapped open
4287149.126.72.220 8239 tcp tcpwrapped open
4288149.126.72.220 8241 tcp tcpwrapped open
4289149.126.72.220 8243 tcp tcpwrapped open
4290149.126.72.220 8248 tcp tcpwrapped open
4291149.126.72.220 8249 tcp tcpwrapped open
4292149.126.72.220 8250 tcp tcpwrapped open
4293149.126.72.220 8251 tcp tcpwrapped open
4294149.126.72.220 8252 tcp tcpwrapped open
4295149.126.72.220 8280 tcp tcpwrapped open
4296149.126.72.220 8282 tcp tcpwrapped open
4297149.126.72.220 8333 tcp tcpwrapped open
4298149.126.72.220 8340 tcp tcpwrapped open
4299149.126.72.220 8343 tcp tcpwrapped open
4300149.126.72.220 8350 tcp tcpwrapped open
4301149.126.72.220 8381 tcp tcpwrapped open
4302149.126.72.220 8382 tcp tcpwrapped open
4303149.126.72.220 8383 tcp tcpwrapped open
4304149.126.72.220 8384 tcp tcpwrapped open
4305149.126.72.220 8385 tcp tcpwrapped open
4306149.126.72.220 8388 tcp tcpwrapped open
4307149.126.72.220 8393 tcp tcpwrapped open
4308149.126.72.220 8401 tcp tcpwrapped open
4309149.126.72.220 8402 tcp tcpwrapped open
4310149.126.72.220 8403 tcp tcpwrapped open
4311149.126.72.220 8404 tcp tcpwrapped open
4312149.126.72.220 8405 tcp tcpwrapped open
4313149.126.72.220 8406 tcp tcpwrapped open
4314149.126.72.220 8407 tcp tcpwrapped open
4315149.126.72.220 8408 tcp tcpwrapped open
4316149.126.72.220 8409 tcp tcpwrapped open
4317149.126.72.220 8410 tcp tcpwrapped open
4318149.126.72.220 8411 tcp tcpwrapped open
4319149.126.72.220 8412 tcp tcpwrapped open
4320149.126.72.220 8413 tcp tcpwrapped open
4321149.126.72.220 8414 tcp tcpwrapped open
4322149.126.72.220 8415 tcp tcpwrapped open
4323149.126.72.220 8416 tcp tcpwrapped open
4324149.126.72.220 8417 tcp tcpwrapped open
4325149.126.72.220 8418 tcp tcpwrapped open
4326149.126.72.220 8419 tcp tcpwrapped open
4327149.126.72.220 8420 tcp tcpwrapped open
4328149.126.72.220 8421 tcp tcpwrapped open
4329149.126.72.220 8422 tcp tcpwrapped open
4330149.126.72.220 8423 tcp tcpwrapped open
4331149.126.72.220 8424 tcp tcpwrapped open
4332149.126.72.220 8425 tcp tcpwrapped open
4333149.126.72.220 8426 tcp tcpwrapped open
4334149.126.72.220 8427 tcp tcpwrapped open
4335149.126.72.220 8428 tcp tcpwrapped open
4336149.126.72.220 8429 tcp tcpwrapped open
4337149.126.72.220 8430 tcp tcpwrapped open
4338149.126.72.220 8431 tcp tcpwrapped open
4339149.126.72.220 8432 tcp tcpwrapped open
4340149.126.72.220 8433 tcp tcpwrapped open
4341149.126.72.220 8435 tcp tcpwrapped open
4342149.126.72.220 8440 tcp tcpwrapped open
4343149.126.72.220 8441 tcp tcpwrapped open
4344149.126.72.220 8442 tcp tcpwrapped open
4345149.126.72.220 8443 tcp tcpwrapped open
4346149.126.72.220 8444 tcp tcpwrapped open
4347149.126.72.220 8445 tcp tcpwrapped open
4348149.126.72.220 8446 tcp tcpwrapped open
4349149.126.72.220 8447 tcp tcpwrapped open
4350149.126.72.220 8448 tcp tcpwrapped open
4351149.126.72.220 8449 tcp tcpwrapped open
4352149.126.72.220 8450 tcp tcpwrapped open
4353149.126.72.220 8451 tcp tcpwrapped open
4354149.126.72.220 8452 tcp tcpwrapped open
4355149.126.72.220 8453 tcp tcpwrapped open
4356149.126.72.220 8454 tcp tcpwrapped open
4357149.126.72.220 8455 tcp tcpwrapped open
4358149.126.72.220 8456 tcp tcpwrapped open
4359149.126.72.220 8457 tcp tcpwrapped open
4360149.126.72.220 8458 tcp tcpwrapped open
4361149.126.72.220 8459 tcp tcpwrapped open
4362149.126.72.220 8460 tcp tcpwrapped open
4363149.126.72.220 8461 tcp tcpwrapped open
4364149.126.72.220 8462 tcp tcpwrapped open
4365149.126.72.220 8463 tcp tcpwrapped open
4366149.126.72.220 8464 tcp tcpwrapped open
4367149.126.72.220 8465 tcp tcpwrapped open
4368149.126.72.220 8466 tcp tcpwrapped open
4369149.126.72.220 8467 tcp tcpwrapped open
4370149.126.72.220 8470 tcp tcpwrapped open
4371149.126.72.220 8472 tcp tcpwrapped open
4372149.126.72.220 8473 tcp tcpwrapped open
4373149.126.72.220 8475 tcp tcpwrapped open
4374149.126.72.220 8480 tcp tcpwrapped open
4375149.126.72.220 8481 tcp tcpwrapped open
4376149.126.72.220 8482 tcp tcpwrapped open
4377149.126.72.220 8484 tcp tcpwrapped open
4378149.126.72.220 8485 tcp tcpwrapped open
4379149.126.72.220 8488 tcp tcpwrapped open
4380149.126.72.220 8493 tcp tcpwrapped open
4381149.126.72.220 8494 tcp tcpwrapped open
4382149.126.72.220 8500 tcp tcpwrapped open
4383149.126.72.220 8502 tcp tcpwrapped open
4384149.126.72.220 8503 tcp tcpwrapped open
4385149.126.72.220 8504 tcp tcpwrapped open
4386149.126.72.220 8505 tcp tcpwrapped open
4387149.126.72.220 8506 tcp tcpwrapped open
4388149.126.72.220 8510 tcp tcpwrapped open
4389149.126.72.220 8513 tcp tcpwrapped open
4390149.126.72.220 8514 tcp tcpwrapped open
4391149.126.72.220 8515 tcp tcpwrapped open
4392149.126.72.220 8519 tcp tcpwrapped open
4393149.126.72.220 8520 tcp tcpwrapped open
4394149.126.72.220 8521 tcp tcpwrapped open
4395149.126.72.220 8523 tcp tcpwrapped open
4396149.126.72.220 8524 tcp tcpwrapped open
4397149.126.72.220 8525 tcp tcpwrapped open
4398149.126.72.220 8526 tcp tcpwrapped open
4399149.126.72.220 8528 tcp tcpwrapped open
4400149.126.72.220 8529 tcp tcpwrapped open
4401149.126.72.220 8530 tcp tcpwrapped open
4402149.126.72.220 8531 tcp tcpwrapped open
4403149.126.72.220 8532 tcp tcpwrapped open
4404149.126.72.220 8533 tcp tcpwrapped open
4405149.126.72.220 8536 tcp tcpwrapped open
4406149.126.72.220 8540 tcp tcpwrapped open
4407149.126.72.220 8543 tcp tcpwrapped open
4408149.126.72.220 8544 tcp tcpwrapped open
4409149.126.72.220 8548 tcp tcpwrapped open
4410149.126.72.220 8549 tcp tcpwrapped open
4411149.126.72.220 8550 tcp tcpwrapped open
4412149.126.72.220 8551 tcp tcpwrapped open
4413149.126.72.220 8553 tcp tcpwrapped open
4414149.126.72.220 8556 tcp tcpwrapped open
4415149.126.72.220 8557 tcp tcpwrapped open
4416149.126.72.220 8558 tcp tcpwrapped open
4417149.126.72.220 8560 tcp tcpwrapped open
4418149.126.72.220 8561 tcp tcpwrapped open
4419149.126.72.220 8562 tcp tcpwrapped open
4420149.126.72.220 8563 tcp tcpwrapped open
4421149.126.72.220 8564 tcp tcpwrapped open
4422149.126.72.220 8565 tcp tcpwrapped open
4423149.126.72.220 8566 tcp tcpwrapped open
4424149.126.72.220 8567 tcp tcpwrapped open
4425149.126.72.220 8568 tcp tcpwrapped open
4426149.126.72.220 8569 tcp tcpwrapped open
4427149.126.72.220 8570 tcp tcpwrapped open
4428149.126.72.220 8571 tcp tcpwrapped open
4429149.126.72.220 8573 tcp tcpwrapped open
4430149.126.72.220 8574 tcp tcpwrapped open
4431149.126.72.220 8575 tcp tcpwrapped open
4432149.126.72.220 8576 tcp tcpwrapped open
4433149.126.72.220 8577 tcp tcpwrapped open
4434149.126.72.220 8578 tcp tcpwrapped open
4435149.126.72.220 8579 tcp tcpwrapped open
4436149.126.72.220 8580 tcp tcpwrapped open
4437149.126.72.220 8581 tcp tcpwrapped open
4438149.126.72.220 8582 tcp tcpwrapped open
4439149.126.72.220 8583 tcp tcpwrapped open
4440149.126.72.220 8585 tcp tcpwrapped open
4441149.126.72.220 8586 tcp tcpwrapped open
5251149.126.72.220 12514 tcp tcpwrapped open
5252149.126.72.220 12515 tcp tcpwrapped open
5253149.126.72.220 12516 tcp tcpwrapped open
5254149.126.72.220 12517 tcp tcpwrapped open
5255149.126.72.220 12518 tcp tcpwrapped open
5256149.126.72.220 12519 tcp tcpwrapped open
5257149.126.72.220 12520 tcp tcpwrapped open
5258149.126.72.220 12521 tcp tcpwrapped open
5259149.126.72.220 12522 tcp tcpwrapped open
5260149.126.72.220 12523 tcp tcpwrapped open
5261149.126.72.220 12524 tcp tcpwrapped open
5262149.126.72.220 12525 tcp tcpwrapped open
5263149.126.72.220 12526 tcp tcpwrapped open
5264149.126.72.220 12527 tcp tcpwrapped open
5265149.126.72.220 12528 tcp tcpwrapped open
5266149.126.72.220 12529 tcp tcpwrapped open
5267149.126.72.220 12530 tcp tcpwrapped open
5268149.126.72.220 12531 tcp tcpwrapped open
5269149.126.72.220 12532 tcp tcpwrapped open
5270149.126.72.220 12533 tcp tcpwrapped open
5271149.126.72.220 12534 tcp tcpwrapped open
5272149.126.72.220 12535 tcp tcpwrapped open
5273149.126.72.220 12536 tcp tcpwrapped open
5274149.126.72.220 12537 tcp tcpwrapped open
5275149.126.72.220 12538 tcp tcpwrapped open
5276149.126.72.220 12539 tcp tcpwrapped open
5277149.126.72.220 12540 tcp tcpwrapped open
5278149.126.72.220 12541 tcp tcpwrapped open
5279149.126.72.220 12542 tcp tcpwrapped open
5280149.126.72.220 12543 tcp tcpwrapped open
5281149.126.72.220 12544 tcp tcpwrapped open
5282149.126.72.220 12545 tcp tcpwrapped open
5283149.126.72.220 12546 tcp tcpwrapped open
5284149.126.72.220 12547 tcp tcpwrapped open
5285149.126.72.220 12548 tcp tcpwrapped open
5286149.126.72.220 12549 tcp tcpwrapped open
5287149.126.72.220 12550 tcp tcpwrapped open
5288149.126.72.220 12551 tcp tcpwrapped open
5289149.126.72.220 12552 tcp tcpwrapped open
5290149.126.72.220 12553 tcp tcpwrapped open
5291149.126.72.220 12554 tcp tcpwrapped open
5292149.126.72.220 12555 tcp tcpwrapped open
5293149.126.72.220 12556 tcp tcpwrapped open
5294149.126.72.220 12557 tcp tcpwrapped open
5295149.126.72.220 12558 tcp tcpwrapped open
5296149.126.72.220 12559 tcp tcpwrapped open
5297149.126.72.220 12560 tcp tcpwrapped open
5298149.126.72.220 12561 tcp tcpwrapped open
5299149.126.72.220 12562 tcp tcpwrapped open
5300149.126.72.220 12563 tcp tcpwrapped open
5301149.126.72.220 12564 tcp tcpwrapped open
5302149.126.72.220 12565 tcp tcpwrapped open
5303149.126.72.220 12566 tcp tcpwrapped open
5304149.126.72.220 12567 tcp tcpwrapped open
5305149.126.72.220 12568 tcp tcpwrapped open
5306149.126.72.220 12569 tcp tcpwrapped open
5307149.126.72.220 12570 tcp tcpwrapped open
5308149.126.72.220 12571 tcp tcpwrapped open
5309149.126.72.220 12572 tcp tcpwrapped open
5310149.126.72.220 12573 tcp tcpwrapped open
5311149.126.72.220 12574 tcp tcpwrapped open
5312149.126.72.220 12575 tcp tcpwrapped open
5313149.126.72.220 12576 tcp tcpwrapped open
5314149.126.72.220 12577 tcp tcpwrapped open
5315149.126.72.220 12578 tcp tcpwrapped open
5316149.126.72.220 12579 tcp tcpwrapped open
5317149.126.72.220 12580 tcp tcpwrapped open
5318149.126.72.220 12581 tcp tcpwrapped open
5319149.126.72.220 12582 tcp tcpwrapped open
5320149.126.72.220 12583 tcp tcpwrapped open
5321149.126.72.220 12584 tcp tcpwrapped open
5322149.126.72.220 12585 tcp tcpwrapped open
5323149.126.72.220 12586 tcp tcpwrapped open
5324149.126.72.220 12587 tcp tcpwrapped open
5325149.126.72.220 12588 tcp tcpwrapped open
5326149.126.72.220 12589 tcp tcpwrapped open
5327149.126.72.220 12590 tcp tcpwrapped open
5328149.126.72.220 13082 tcp tcpwrapped open
5329149.126.72.220 13084 tcp tcpwrapped open
5330149.126.72.220 13333 tcp tcpwrapped open
5331149.126.72.220 13443 tcp tcpwrapped open
5332149.126.72.220 14006 tcp tcpwrapped open
5333149.126.72.220 14082 tcp tcpwrapped open
5334149.126.72.220 14084 tcp tcpwrapped open
5335149.126.72.220 14104 tcp tcpwrapped open
5336149.126.72.220 14130 tcp tcpwrapped open
5337149.126.72.220 14182 tcp tcpwrapped open
5338149.126.72.220 14184 tcp tcpwrapped open
5339149.126.72.220 14330 tcp tcpwrapped open
5340149.126.72.220 14443 tcp tcpwrapped open
5341149.126.72.220 14825 tcp tcpwrapped open
5342149.126.72.220 15002 tcp tcpwrapped open
5343149.126.72.220 15006 tcp tcpwrapped open
5344149.126.72.220 15082 tcp tcpwrapped open
5345149.126.72.220 15084 tcp tcpwrapped open
5346149.126.72.220 15151 tcp tcpwrapped open
5347149.126.72.220 15555 tcp tcpwrapped open
5348149.126.72.220 16000 tcp tcpwrapped open
5349149.126.72.220 16001 tcp tcpwrapped open
5350149.126.72.220 16015 tcp tcpwrapped open
5351149.126.72.220 16016 tcp tcpwrapped open
5352149.126.72.220 16017 tcp tcpwrapped open
5353149.126.72.220 16082 tcp tcpwrapped open
5354149.126.72.220 16084 tcp tcpwrapped open
5355149.126.72.220 16311 tcp tcpwrapped open
5356149.126.72.220 16316 tcp tcpwrapped open
5357149.126.72.220 16443 tcp tcpwrapped open
5358149.126.72.220 16800 tcp tcpwrapped open
5359149.126.72.220 16888 tcp tcpwrapped open
5360149.126.72.220 17082 tcp tcpwrapped open
5361149.126.72.220 17084 tcp tcpwrapped open
5362149.126.72.220 17182 tcp tcpwrapped open
5363149.126.72.220 17184 tcp tcpwrapped open
5364149.126.72.220 17770 tcp tcpwrapped open
5365149.126.72.220 17771 tcp tcpwrapped open
5366149.126.72.220 17772 tcp tcpwrapped open
5367149.126.72.220 17773 tcp tcpwrapped open
5368149.126.72.220 17774 tcp tcpwrapped open
5369149.126.72.220 17775 tcp tcpwrapped open
5370149.126.72.220 17776 tcp tcpwrapped open
5371149.126.72.220 17777 tcp tcpwrapped open
5372149.126.72.220 17778 tcp tcpwrapped open
5373149.126.72.220 17779 tcp tcpwrapped open
5374149.126.72.220 17780 tcp tcpwrapped open
5375149.126.72.220 18000 tcp tcpwrapped open
5376149.126.72.220 18001 tcp tcpwrapped open
5377149.126.72.220 18002 tcp tcpwrapped open
5378149.126.72.220 18003 tcp tcpwrapped open
5379149.126.72.220 18004 tcp tcpwrapped open
5380149.126.72.220 18005 tcp tcpwrapped open
5381149.126.72.220 18006 tcp tcpwrapped open
5382149.126.72.220 18007 tcp tcpwrapped open
5383149.126.72.220 18008 tcp tcpwrapped open
5384149.126.72.220 18009 tcp tcpwrapped open
5385149.126.72.220 18010 tcp tcpwrapped open
5386149.126.72.220 18011 tcp tcpwrapped open
5387149.126.72.220 18012 tcp tcpwrapped open
5388149.126.72.220 18013 tcp tcpwrapped open
5389149.126.72.220 18014 tcp tcpwrapped open
5390149.126.72.220 18015 tcp tcpwrapped open
5391149.126.72.220 18016 tcp tcpwrapped open
5392149.126.72.220 18017 tcp tcpwrapped open
5393149.126.72.220 18018 tcp tcpwrapped open
5394149.126.72.220 18019 tcp tcpwrapped open
5395149.126.72.220 18020 tcp tcpwrapped open
5396149.126.72.220 18021 tcp tcpwrapped open
5397149.126.72.220 18022 tcp tcpwrapped open
5398149.126.72.220 18023 tcp tcpwrapped open
5399149.126.72.220 18024 tcp tcpwrapped open
5400149.126.72.220 18025 tcp tcpwrapped open
5401149.126.72.220 18026 tcp tcpwrapped open
5402149.126.72.220 18027 tcp tcpwrapped open
5403149.126.72.220 18028 tcp tcpwrapped open
5404149.126.72.220 18029 tcp tcpwrapped open
5405149.126.72.220 18030 tcp tcpwrapped open
5406149.126.72.220 18031 tcp tcpwrapped open
5407149.126.72.220 18032 tcp tcpwrapped open
5408149.126.72.220 18033 tcp tcpwrapped open
5409149.126.72.220 18034 tcp tcpwrapped open
5410149.126.72.220 18035 tcp tcpwrapped open
5411149.126.72.220 18036 tcp tcpwrapped open
5412149.126.72.220 18037 tcp tcpwrapped open
5413149.126.72.220 18038 tcp tcpwrapped open
5414149.126.72.220 18039 tcp tcpwrapped open
5415149.126.72.220 18040 tcp tcpwrapped open
5416149.126.72.220 18041 tcp tcpwrapped open
5417149.126.72.220 18042 tcp tcpwrapped open
5418149.126.72.220 18043 tcp tcpwrapped open
5419149.126.72.220 18044 tcp tcpwrapped open
5420149.126.72.220 18045 tcp tcpwrapped open
5421149.126.72.220 18046 tcp tcpwrapped open
5422149.126.72.220 18047 tcp tcpwrapped open
5423149.126.72.220 18048 tcp tcpwrapped open
5424149.126.72.220 18049 tcp tcpwrapped open
5425149.126.72.220 18050 tcp tcpwrapped open
5426149.126.72.220 18051 tcp tcpwrapped open
5427149.126.72.220 18052 tcp tcpwrapped open
5428149.126.72.220 18053 tcp tcpwrapped open
5429149.126.72.220 18054 tcp tcpwrapped open
5430149.126.72.220 18055 tcp tcpwrapped open
5431149.126.72.220 18056 tcp tcpwrapped open
5432149.126.72.220 18057 tcp tcpwrapped open
5433149.126.72.220 18058 tcp tcpwrapped open
5434149.126.72.220 18059 tcp tcpwrapped open
5435149.126.72.220 18060 tcp tcpwrapped open
5436149.126.72.220 18061 tcp tcpwrapped open
5437149.126.72.220 18062 tcp tcpwrapped open
5438149.126.72.220 18063 tcp tcpwrapped open
5439149.126.72.220 18064 tcp tcpwrapped open
5440149.126.72.220 18065 tcp tcpwrapped open
5441149.126.72.220 18066 tcp tcpwrapped open
5442149.126.72.220 18067 tcp tcpwrapped open
5443149.126.72.220 18068 tcp tcpwrapped open
5444149.126.72.220 18069 tcp tcpwrapped open
5445149.126.72.220 18070 tcp tcpwrapped open
5446149.126.72.220 18071 tcp tcpwrapped open
5447149.126.72.220 18072 tcp tcpwrapped open
5448149.126.72.220 18073 tcp tcpwrapped open
5449149.126.72.220 18074 tcp tcpwrapped open
5450149.126.72.220 18075 tcp tcpwrapped open
5451149.126.72.220 18076 tcp tcpwrapped open
5452149.126.72.220 18077 tcp tcpwrapped open
5453149.126.72.220 18078 tcp tcpwrapped open
5454149.126.72.220 18079 tcp tcpwrapped open
5455149.126.72.220 18080 tcp tcpwrapped open
5456149.126.72.220 18081 tcp tcpwrapped open
5457149.126.72.220 18082 tcp tcpwrapped open
5458149.126.72.220 18083 tcp tcpwrapped open
5459149.126.72.220 18084 tcp tcpwrapped open
5460149.126.72.220 18085 tcp tcpwrapped open
5461149.126.72.220 18086 tcp tcpwrapped open
5462149.126.72.220 18087 tcp tcpwrapped open
5463149.126.72.220 18088 tcp tcpwrapped open
5464149.126.72.220 18089 tcp tcpwrapped open
5465149.126.72.220 18090 tcp tcpwrapped open
5466149.126.72.220 18091 tcp tcpwrapped open
5467149.126.72.220 18092 tcp tcpwrapped open
5468149.126.72.220 18093 tcp tcpwrapped open
5469149.126.72.220 18094 tcp tcpwrapped open
5470149.126.72.220 18095 tcp tcpwrapped open
5471149.126.72.220 18096 tcp tcpwrapped open
5472149.126.72.220 18097 tcp tcpwrapped open
5473149.126.72.220 18098 tcp tcpwrapped open
5474149.126.72.220 18099 tcp tcpwrapped open
5475149.126.72.220 18100 tcp tcpwrapped open
5476149.126.72.220 18101 tcp tcpwrapped open
5477149.126.72.220 18102 tcp tcpwrapped open
5478149.126.72.220 18103 tcp tcpwrapped open
5479149.126.72.220 18104 tcp tcpwrapped open
5480149.126.72.220 18105 tcp tcpwrapped open
5481149.126.72.220 18106 tcp tcpwrapped open
5482149.126.72.220 18107 tcp tcpwrapped open
5483149.126.72.220 18108 tcp tcpwrapped open
5484149.126.72.220 18109 tcp tcpwrapped open
5485149.126.72.220 18110 tcp tcpwrapped open
5486149.126.72.220 18111 tcp tcpwrapped open
5487149.126.72.220 18112 tcp tcpwrapped open
5488149.126.72.220 18113 tcp tcpwrapped open
5489149.126.72.220 18200 tcp tcpwrapped open
5490149.126.72.220 18239 tcp tcpwrapped open
5491149.126.72.220 18443 tcp tcpwrapped open
5492149.126.72.220 18802 tcp tcpwrapped open
5493149.126.72.220 19013 tcp tcpwrapped open
5494149.126.72.220 19014 tcp tcpwrapped open
5495149.126.72.220 19015 tcp tcpwrapped open
5496149.126.72.220 19016 tcp tcpwrapped open
5497149.126.72.220 19017 tcp tcpwrapped open
5498149.126.72.220 19022 tcp tcpwrapped open
5499149.126.72.220 19080 tcp tcpwrapped open
5500149.126.72.220 19082 tcp tcpwrapped open
5501149.126.72.220 19084 tcp tcpwrapped open
5502149.126.72.220 19443 tcp tcpwrapped open
5503149.126.72.220 20000 tcp tcpwrapped open
5504149.126.72.220 20001 tcp tcpwrapped open
5505149.126.72.220 20010 tcp tcpwrapped open
5506149.126.72.220 20020 tcp tcpwrapped open
5507149.126.72.220 20030 tcp tcpwrapped open
5508149.126.72.220 20040 tcp tcpwrapped open
5509149.126.72.220 20050 tcp tcpwrapped open
5510149.126.72.220 20053 tcp tcpwrapped open
5511149.126.72.220 20060 tcp tcpwrapped open
5512149.126.72.220 20070 tcp tcpwrapped open
5513149.126.72.220 20080 tcp tcpwrapped open
5514149.126.72.220 20082 tcp tcpwrapped open
5515149.126.72.220 20084 tcp tcpwrapped open
5516149.126.72.220 20090 tcp tcpwrapped open
5517149.126.72.220 20100 tcp tcpwrapped open
5518149.126.72.220 20106 tcp tcpwrapped open
5519149.126.72.220 20107 tcp tcpwrapped open
5520149.126.72.220 20110 tcp tcpwrapped open
5521149.126.72.220 20150 tcp tcpwrapped open
5522149.126.72.220 20182 tcp tcpwrapped open
5523149.126.72.220 20184 tcp tcpwrapped open
5524149.126.72.220 20185 tcp tcpwrapped open
5525149.126.72.220 20200 tcp tcpwrapped open
5526149.126.72.220 20208 tcp tcpwrapped open
5527149.126.72.220 20325 tcp tcpwrapped open
5528149.126.72.220 20500 tcp tcpwrapped open
5529149.126.72.220 20512 tcp tcpwrapped open
5530149.126.72.220 20600 tcp tcpwrapped open
5531149.126.72.220 20800 tcp tcpwrapped open
5532149.126.72.220 20892 tcp tcpwrapped open
5533149.126.72.220 20894 tcp tcpwrapped open
5534149.126.72.220 20900 tcp tcpwrapped open
5535149.126.72.220 21081 tcp tcpwrapped open
5536149.126.72.220 21082 tcp tcpwrapped open
5537149.126.72.220 21083 tcp tcpwrapped open
5538149.126.72.220 21084 tcp tcpwrapped open
5539149.126.72.220 21100 tcp tcpwrapped open
5540149.126.72.220 21200 tcp tcpwrapped open
5541149.126.72.220 21300 tcp tcpwrapped open
5542149.126.72.220 21357 tcp tcpwrapped open
5543149.126.72.220 21381 tcp tcpwrapped open
5544149.126.72.220 21400 tcp tcpwrapped open
5545149.126.72.220 21500 tcp tcpwrapped open
5546149.126.72.220 21935 tcp tcpwrapped open
5547149.126.72.220 22082 tcp tcpwrapped open
5548149.126.72.220 22084 tcp tcpwrapped open
5549149.126.72.220 22103 tcp tcpwrapped open
5550149.126.72.220 22107 tcp tcpwrapped open
5551149.126.72.220 22206 tcp tcpwrapped open
5552149.126.72.220 22345 tcp tcpwrapped open
5553149.126.72.220 22403 tcp tcpwrapped open
5554149.126.72.220 22609 tcp tcpwrapped open
5555149.126.72.220 22703 tcp tcpwrapped open
5556149.126.72.220 22705 tcp tcpwrapped open
5557149.126.72.220 23082 tcp tcpwrapped open
5558149.126.72.220 23084 tcp tcpwrapped open
5559149.126.72.220 23182 tcp tcpwrapped open
5560149.126.72.220 23184 tcp tcpwrapped open
5561149.126.72.220 24082 tcp tcpwrapped open
5562149.126.72.220 24084 tcp tcpwrapped open
5563149.126.72.220 24472 tcp tcpwrapped open
5564149.126.72.220 24510 tcp tcpwrapped open
5565149.126.72.220 25000 tcp tcpwrapped open
5566149.126.72.220 25001 tcp tcpwrapped open
5567149.126.72.220 25002 tcp tcpwrapped open
5568149.126.72.220 25003 tcp tcpwrapped open
5569149.126.72.220 25004 tcp tcpwrapped open
5570149.126.72.220 25005 tcp tcpwrapped open
5571149.126.72.220 25006 tcp tcpwrapped open
5572149.126.72.220 25007 tcp tcpwrapped open
5573149.126.72.220 25008 tcp tcpwrapped open
5574149.126.72.220 25009 tcp tcpwrapped open
5575149.126.72.220 25010 tcp tcpwrapped open
5576149.126.72.220 25082 tcp tcpwrapped open
5577149.126.72.220 25084 tcp tcpwrapped open
5578149.126.72.220 25782 tcp tcpwrapped open
5579149.126.72.220 25952 tcp tcpwrapped open
5580149.126.72.220 27571 tcp tcpwrapped open
5581149.126.72.220 28001 tcp tcpwrapped open
5582149.126.72.220 28080 tcp tcpwrapped open
5583149.126.72.220 28818 tcp tcpwrapped open
5584149.126.72.220 29798 tcp tcpwrapped open
5585149.126.72.220 29799 tcp tcpwrapped open
5586149.126.72.220 30000 tcp tcpwrapped open
5587149.126.72.220 30001 tcp tcpwrapped open
5588149.126.72.220 30003 tcp tcpwrapped open
5589149.126.72.220 30005 tcp tcpwrapped open
5590149.126.72.220 30007 tcp tcpwrapped open
5591149.126.72.220 30009 tcp tcpwrapped open
5592149.126.72.220 30011 tcp tcpwrapped open
5593149.126.72.220 30013 tcp tcpwrapped open
5594149.126.72.220 30015 tcp tcpwrapped open
5595149.126.72.220 30017 tcp tcpwrapped open
5596149.126.72.220 30019 tcp tcpwrapped open
5597149.126.72.220 30021 tcp tcpwrapped open
5598149.126.72.220 30050 tcp tcpwrapped open
5599149.126.72.220 30106 tcp tcpwrapped open
5600149.126.72.220 30110 tcp tcpwrapped open
5601149.126.72.220 30111 tcp tcpwrapped open
5602149.126.72.220 30112 tcp tcpwrapped open
5603149.126.72.220 30113 tcp tcpwrapped open
5604149.126.72.220 30120 tcp tcpwrapped open
5605149.126.72.220 30121 tcp tcpwrapped open
5606149.126.72.220 30122 tcp tcpwrapped open
5607149.126.72.220 30123 tcp tcpwrapped open
5608149.126.72.220 30452 tcp tcpwrapped open
5609149.126.72.220 30468 tcp tcpwrapped open
5610149.126.72.220 30473 tcp tcpwrapped open
5611149.126.72.220 30479 tcp tcpwrapped open
5612149.126.72.220 30501 tcp tcpwrapped open
5613149.126.72.220 30700 tcp tcpwrapped open
5614149.126.72.220 30701 tcp tcpwrapped open
5615149.126.72.220 30892 tcp tcpwrapped open
5616149.126.72.220 30894 tcp tcpwrapped open
5617149.126.72.220 31337 tcp tcpwrapped open
5618149.126.72.220 32101 tcp tcpwrapped open
5619149.126.72.220 32102 tcp tcpwrapped open
5620149.126.72.220 32202 tcp tcpwrapped open
5621149.126.72.220 32303 tcp tcpwrapped open
5622149.126.72.220 32443 tcp tcpwrapped open
5623149.126.72.220 32444 tcp tcpwrapped open
5624149.126.72.220 32746 tcp tcpwrapped open
5625149.126.72.220 32800 tcp tcpwrapped open
5626149.126.72.220 34225 tcp tcpwrapped open
5627149.126.72.220 34500 tcp tcpwrapped open
5628149.126.72.220 35522 tcp tcpwrapped open
5629149.126.72.220 35524 tcp tcpwrapped open
5630149.126.72.220 35531 tcp tcpwrapped open
5631149.126.72.220 35554 tcp tcpwrapped open
5632149.126.72.220 35559 tcp tcpwrapped open
5633149.126.72.220 35560 tcp tcpwrapped open
5634149.126.72.220 36982 tcp tcpwrapped open
5635149.126.72.220 36983 tcp tcpwrapped open
5636149.126.72.220 36984 tcp tcpwrapped open
5637149.126.72.220 37080 tcp tcpwrapped open
5638149.126.72.220 38880 tcp tcpwrapped open
5639149.126.72.220 39001 tcp tcpwrapped open
5640149.126.72.220 40070 tcp tcpwrapped open
5641149.126.72.220 40099 tcp tcpwrapped open
5642149.126.72.220 40892 tcp tcpwrapped open
5643149.126.72.220 40894 tcp tcpwrapped open
5644149.126.72.220 42208 tcp tcpwrapped open
5645149.126.72.220 42424 tcp tcpwrapped open
5646149.126.72.220 42901 tcp tcpwrapped open
5647149.126.72.220 43008 tcp tcpwrapped open
5648149.126.72.220 43009 tcp tcpwrapped open
5649149.126.72.220 43200 tcp tcpwrapped open
5650149.126.72.220 44100 tcp tcpwrapped open
5651149.126.72.220 44300 tcp tcpwrapped open
5652149.126.72.220 44301 tcp tcpwrapped open
5653149.126.72.220 44302 tcp tcpwrapped open
5654149.126.72.220 44303 tcp tcpwrapped open
5655149.126.72.220 44304 tcp tcpwrapped open
5656149.126.72.220 44305 tcp tcpwrapped open
5657149.126.72.220 44306 tcp tcpwrapped open
5658149.126.72.220 44307 tcp tcpwrapped open
5659149.126.72.220 44308 tcp tcpwrapped open
5660149.126.72.220 44309 tcp tcpwrapped open
5661149.126.72.220 44310 tcp tcpwrapped open
5662149.126.72.220 44320 tcp tcpwrapped open
5663149.126.72.220 44332 tcp tcpwrapped open
5664149.126.72.220 44333 tcp tcpwrapped open
5665149.126.72.220 44334 tcp tcpwrapped open
5666149.126.72.220 44336 tcp tcpwrapped open
5667149.126.72.220 44337 tcp tcpwrapped open
5668149.126.72.220 44340 tcp tcpwrapped open
5669149.126.72.220 44341 tcp tcpwrapped open
5670149.126.72.220 44345 tcp tcpwrapped open
5671149.126.72.220 44400 tcp tcpwrapped open
5672149.126.72.220 44410 tcp tcpwrapped open
5673149.126.72.220 44420 tcp tcpwrapped open
5674149.126.72.220 45000 tcp tcpwrapped open
5675149.126.72.220 45555 tcp tcpwrapped open
5676149.126.72.220 45666 tcp tcpwrapped open
5677149.126.72.220 45667 tcp tcpwrapped open
5678149.126.72.220 45668 tcp tcpwrapped open
5679149.126.72.220 45677 tcp tcpwrapped open
5680149.126.72.220 45777 tcp tcpwrapped open
5681149.126.72.220 45788 tcp tcpwrapped open
5682149.126.72.220 45821 tcp tcpwrapped open
5683149.126.72.220 45886 tcp tcpwrapped open
5684149.126.72.220 45888 tcp tcpwrapped open
5685149.126.72.220 46000 tcp tcpwrapped open
5686149.126.72.220 46443 tcp tcpwrapped open
5687149.126.72.220 46862 tcp tcpwrapped open
5688149.126.72.220 47000 tcp tcpwrapped open
5689149.126.72.220 47080 tcp tcpwrapped open
5690149.126.72.220 47534 tcp tcpwrapped open
5691149.126.72.220 48888 tcp tcpwrapped open
5692149.126.72.220 48889 tcp tcpwrapped open
5693149.126.72.220 49200 tcp tcpwrapped open
5694149.126.72.220 49210 tcp tcpwrapped open
5695149.126.72.220 49443 tcp tcpwrapped open
5696149.126.72.220 49682 tcp tcpwrapped open
5697149.126.72.220 49684 tcp tcpwrapped open
5698149.126.72.220 49686 tcp tcpwrapped open
5699149.126.72.220 49688 tcp tcpwrapped open
5700149.126.72.220 49690 tcp tcpwrapped open
5701149.126.72.220 49692 tcp tcpwrapped open
5702149.126.72.220 49694 tcp tcpwrapped open
5703149.126.72.220 50000 tcp tcpwrapped open
5704149.126.72.220 50001 tcp tcpwrapped open
5705149.126.72.220 50042 tcp tcpwrapped open
5706149.126.72.220 50050 tcp tcpwrapped open
5707149.126.72.220 50073 tcp tcpwrapped open
5708149.126.72.220 50085 tcp tcpwrapped open
5709149.126.72.220 50101 tcp tcpwrapped open
5710149.126.72.220 50102 tcp tcpwrapped open
5711149.126.72.220 50103 tcp tcpwrapped open
5712149.126.72.220 50104 tcp tcpwrapped open
5713149.126.72.220 50105 tcp tcpwrapped open
5714149.126.72.220 50106 tcp tcpwrapped open
5715149.126.72.220 50107 tcp tcpwrapped open
5716149.126.72.220 50112 tcp tcpwrapped open
5717149.126.72.220 50113 tcp tcpwrapped open
5718149.126.72.220 50122 tcp tcpwrapped open
5719149.126.72.220 50160 tcp tcpwrapped open
5720149.126.72.220 50443 tcp tcpwrapped open
5721149.126.72.220 51002 tcp tcpwrapped open
5722149.126.72.220 51003 tcp tcpwrapped open
5723149.126.72.220 51434 tcp tcpwrapped open
5724149.126.72.220 52010 tcp tcpwrapped open
5725149.126.72.220 52230 tcp tcpwrapped open
5726149.126.72.220 52311 tcp tcpwrapped open
5727149.126.72.220 52536 tcp tcpwrapped open
5728149.126.72.220 53480 tcp tcpwrapped open
5729149.126.72.220 53481 tcp tcpwrapped open
5730149.126.72.220 53482 tcp tcpwrapped open
5731149.126.72.220 53483 tcp tcpwrapped open
5732149.126.72.220 53484 tcp tcpwrapped open
5733149.126.72.220 53485 tcp tcpwrapped open
5734149.126.72.220 53490 tcp tcpwrapped open
5735149.126.72.220 53805 tcp tcpwrapped open
5736149.126.72.220 53806 tcp tcpwrapped open
5737149.126.72.220 54327 tcp tcpwrapped open
5738149.126.72.220 54490 tcp tcpwrapped open
5739149.126.72.220 54545 tcp tcpwrapped open
5740149.126.72.220 55055 tcp tcpwrapped open
5741149.126.72.220 55080 tcp tcpwrapped open
5742149.126.72.220 55081 tcp tcpwrapped open
5743149.126.72.220 55350 tcp tcpwrapped open
5744149.126.72.220 55388 tcp tcpwrapped open
5745149.126.72.220 55470 tcp tcpwrapped open
5746149.126.72.220 55475 tcp tcpwrapped open
5747149.126.72.220 55481 tcp tcpwrapped open
5748149.126.72.220 55490 tcp tcpwrapped open
5749149.126.72.220 57778 tcp tcpwrapped open
5750149.126.72.220 57779 tcp tcpwrapped open
5751149.126.72.220 57780 tcp tcpwrapped open
5752149.126.72.220 57781 tcp tcpwrapped open
5753149.126.72.220 57782 tcp tcpwrapped open
5754149.126.72.220 57783 tcp tcpwrapped open
5755149.126.72.220 57784 tcp tcpwrapped open
5756149.126.72.220 57785 tcp tcpwrapped open
5757149.126.72.220 57786 tcp tcpwrapped open
5758149.126.72.220 57787 tcp tcpwrapped open
5759149.126.72.220 57788 tcp tcpwrapped open
5760149.126.72.220 58443 tcp tcpwrapped open
5761149.126.72.220 58585 tcp tcpwrapped open
5762149.126.72.220 59012 tcp tcpwrapped open
5763149.126.72.220 59443 tcp tcpwrapped open
5764149.126.72.220 60021 tcp tcpwrapped open
5765149.126.72.220 60023 tcp tcpwrapped open
5766149.126.72.220 60443 tcp tcpwrapped open
5767149.126.72.220 62080 tcp tcpwrapped open
5768149.126.72.220 62237 tcp tcpwrapped open
5769149.126.72.220 62443 tcp tcpwrapped open
5770149.126.72.220 62865 tcp tcpwrapped open
5771149.126.72.220 63443 tcp tcpwrapped open
5772149.126.72.220 64477 tcp tcpwrapped open
5773149.126.72.220 64671 tcp tcpwrapped open
151.106.38.107 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 12:11. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
151.106.38.107 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
151.106.38.107 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
151.106.38.107 67 tcp dhcps filtered
151.106.38.107 67 udp dhcps unknown
151.106.38.107 68 tcp dhcpc filtered
151.106.38.107 68 udp dhcpc unknown
151.106.38.107 69 tcp tftp filtered
151.106.38.107 69 udp tftp unknown
151.106.38.107 88 tcp kerberos-sec filtered
151.106.38.107 88 udp kerberos-sec unknown
151.106.38.107 123 tcp ntp filtered
151.106.38.107 123 udp ntp unknown
151.106.38.107 137 tcp netbios-ns filtered
151.106.38.107 137 udp netbios-ns unknown
151.106.38.107 138 tcp netbios-dgm filtered
151.106.38.107 138 udp netbios-dgm unknown
151.106.38.107 139 tcp netbios-ssn filtered
151.106.38.107 139 udp netbios-ssn unknown
151.106.38.107 161 tcp snmp filtered
151.106.38.107 161 udp snmp unknown
151.106.38.107 162 tcp snmptrap filtered
151.106.38.107 162 udp snmptrap unknown
151.106.38.107 389 tcp ldap filtered
151.106.38.107 389 udp ldap unknown
151.106.38.107 520 tcp efs filtered
151.106.38.107 520 udp route unknown
151.106.38.107 2049 tcp nfs filtered
151.106.38.107 2049 udp nfs unknown
169.239.218.20 25 tcp smtp closed
169.239.218.20 53 tcp domain filtered
169.239.218.20 53 udp domain unknown
169.239.218.20 67 tcp dhcps filtered
169.239.218.20 67 udp dhcps unknown
169.239.218.20 68 tcp dhcpc filtered
169.239.218.20 68 udp dhcpc unknown
169.239.218.20 69 tcp tftp filtered
169.239.218.20 69 udp tftp unknown
169.239.218.20 88 tcp kerberos-sec filtered
169.239.218.20 88 udp kerberos-sec unknown
169.239.218.20 113 tcp ident closed
169.239.218.20 123 tcp ntp filtered
169.239.218.20 123 udp ntp unknown
169.239.218.20 137 tcp netbios-ns filtered
169.239.218.20 137 udp netbios-ns filtered
169.239.218.20 138 tcp netbios-dgm filtered
169.239.218.20 138 udp netbios-dgm filtered
169.239.218.20 139 tcp netbios-ssn closed
169.239.218.20 139 udp netbios-ssn unknown
169.239.218.20 161 tcp snmp filtered
169.239.218.20 161 udp snmp unknown
169.239.218.20 162 tcp snmptrap filtered
169.239.218.20 162 udp snmptrap unknown
169.239.218.20 389 tcp ldap filtered
169.239.218.20 389 udp ldap unknown
169.239.218.20 445 tcp microsoft-ds closed
169.239.218.20 520 tcp efs filtered
169.239.218.20 520 udp route unknown
169.239.218.20 2049 tcp nfs filtered
169.239.218.20 2049 udp nfs unknown
169.239.218.20 8008 tcp tcpwrapped open
174.142.53.51 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 13:59. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
174.142.53.51 22 tcp ssh open SSH-2.0-OpenSSH_7.4
174.142.53.51 25 tcp smtp closed
174.142.53.51 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
174.142.53.51 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
174.142.53.51 67 tcp dhcps filtered
174.142.53.51 67 udp dhcps unknown
174.142.53.51 68 tcp dhcpc filtered
174.142.53.51 68 udp dhcpc unknown
174.142.53.51 69 tcp tftp filtered
174.142.53.51 69 udp tftp unknown
174.142.53.51 88 tcp kerberos-sec filtered
174.142.53.51 88 udp kerberos-sec unknown
174.142.53.51 123 tcp ntp filtered
174.142.53.51 123 udp ntp unknown
174.142.53.51 137 tcp netbios-ns filtered
174.142.53.51 137 udp netbios-ns filtered
174.142.53.51 138 tcp netbios-dgm filtered
174.142.53.51 138 udp netbios-dgm filtered
174.142.53.51 139 tcp netbios-ssn closed
174.142.53.51 139 udp netbios-ssn unknown
174.142.53.51 161 tcp snmp filtered
174.142.53.51 161 udp snmp unknown
174.142.53.51 162 tcp snmptrap filtered
174.142.53.51 162 udp snmptrap unknown
174.142.53.51 389 tcp ldap filtered
174.142.53.51 389 udp ldap unknown
174.142.53.51 445 tcp microsoft-ds closed
174.142.53.51 520 tcp efs filtered
174.142.53.51 520 udp route unknown
174.142.53.51 2049 tcp nfs filtered
174.142.53.51 2049 udp nfs unknown
211.13.196.135 25 tcp smtp closed
211.13.196.135 53 tcp domain filtered
211.13.196.135 53 udp domain unknown
211.13.196.135 67 tcp dhcps filtered
211.13.196.135 67 udp dhcps unknown
211.13.196.135 68 tcp dhcpc filtered
211.13.196.135 68 udp dhcpc unknown
211.13.196.135 69 tcp tftp filtered
211.13.196.135 69 udp tftp unknown
211.13.196.135 80 tcp http open Apache httpd
211.13.196.135 88 tcp kerberos-sec filtered
211.13.196.135 88 udp kerberos-sec unknown
211.13.196.135 113 tcp ident closed
211.13.196.135 123 tcp ntp filtered
211.13.196.135 123 udp ntp unknown
211.13.196.135 137 tcp netbios-ns filtered
211.13.196.135 137 udp netbios-ns filtered
211.13.196.135 138 tcp netbios-dgm filtered
211.13.196.135 138 udp netbios-dgm filtered
211.13.196.135 139 tcp netbios-ssn closed
211.13.196.135 139 udp netbios-ssn unknown
211.13.196.135 161 tcp snmp filtered
211.13.196.135 161 udp snmp unknown
211.13.196.135 162 tcp snmptrap filtered
211.13.196.135 162 udp snmptrap unknown
211.13.196.135 389 tcp ldap filtered
211.13.196.135 389 udp ldap unknown
211.13.196.135 443 tcp ssl/http open Apache httpd
211.13.196.135 445 tcp microsoft-ds closed
211.13.196.135 520 tcp efs filtered
211.13.196.135 520 udp route unknown
211.13.196.135 2049 tcp nfs filtered
211.13.196.135 2049 udp nfs unknown
218.45.5.97 25 tcp smtp closed
218.45.5.97 53 tcp domain filtered
218.45.5.97 53 udp domain unknown
218.45.5.97 67 tcp dhcps filtered
218.45.5.97 67 udp dhcps unknown
218.45.5.97 68 tcp dhcpc filtered
218.45.5.97 68 udp dhcpc unknown
218.45.5.97 69 tcp tftp filtered
218.45.5.97 69 udp tftp unknown
218.45.5.97 80 tcp http open Apache httpd 2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.2.15
218.45.5.97 88 tcp kerberos-sec filtered
218.45.5.97 88 udp kerberos-sec unknown
218.45.5.97 113 tcp ident closed
218.45.5.97 123 tcp ntp filtered
218.45.5.97 123 udp ntp unknown
218.45.5.97 137 tcp netbios-ns filtered
218.45.5.97 137 udp netbios-ns filtered
218.45.5.97 138 tcp netbios-dgm filtered
218.45.5.97 138 udp netbios-dgm filtered
218.45.5.97 139 tcp netbios-ssn closed
218.45.5.97 139 udp netbios-ssn unknown
218.45.5.97 161 tcp snmp filtered
218.45.5.97 161 udp snmp unknown
218.45.5.97 162 tcp snmptrap filtered
218.45.5.97 162 udp snmptrap unknown
218.45.5.97 389 tcp ldap filtered
218.45.5.97 389 udp ldap unknown
218.45.5.97 443 tcp ssl/http open Apache httpd 2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.2.15
218.45.5.97 445 tcp microsoft-ds closed
218.45.5.97 520 tcp efs filtered
218.45.5.97 520 udp route unknown
218.45.5.97 2049 tcp nfs filtered
218.45.5.97 2049 udp nfs
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-21 13:05 EST
Nmap scan report for ns3152160.ip-151-106-38.eu (151.106.38.107)
Host is up (0.18s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| vulscan: VulDB - https://vuldb.com:
| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| No findings
|
| Exploit-DB - https://www.exploit-db.com:
| No findings
|
| OpenVAS (Nessus) - http://www.openvas.org:
| No findings
|
| SecurityTracker - https://www.securitytracker.com:
| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
|
| OSVDB - http://www.osvdb.org:
| No findings
|_
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| vulscan: VulDB - https://vuldb.com:
| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
| [94611] OpenSSH up to 7.3 Access Control privilege escalation
| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
| [90405] OpenSSH up to 7.2p2 sshd information disclosure
| [90404] OpenSSH up to 7.2p2 sshd information disclosure
| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH "
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH "
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH "
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
|
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh
| [59014] Slackware Advisory SSA:2007-255-01 openssh
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
|
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
|
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
25/tcp open smtp?
53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
6367| vulscan: VulDB - https://vuldb.com:
6368| [129818] ISC BIND up to 9.11.4/9.12.2 DDNS privilege escalation
6369| [129803] ISC BIND up to 9.11.1 Response Policy Zone Query Loop denial of service
6370| [129802] ISC BIND up to 9.11.0-P1 nxdomain-redirect Query Assertion denial of service
6371| [102965] ISC BIND up to 9.11.1-P1 TSIG weak authentication
6372| [102964] ISC BIND up to 9.11.1-P1 TSIG weak authentication
6373| [99868] ISC BIND up to 9.11.1rc2 Control Channel Crash denial of service
6374| [99867] ISC BIND up to 9.11.1rc1 DNS64 State Crash denial of service
6375| [99866] ISC BIND up to 9.11.1rc1 CNAME/DNAME Crash denial of service
6376| [96827] ISC BIND up to 9.11.1b1 RPZ/DNS64 State Error NULL Pointer Dereference denial of service
6377|
6378| MITRE CVE - https://cve.mitre.org:
6379| [CVE-2007-0494] ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
6380| [CVE-2013-4869] Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
6381| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
6382| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
6383| [CVE-2013-3434] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
6384| [CVE-2013-3433] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
6385| [CVE-2013-3412] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
6386| [CVE-2013-3404] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
6387| [CVE-2013-3403] Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
6388| [CVE-2013-3402] An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
6389| [CVE-2013-3382] The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
6390| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
6391| [CVE-2013-1150] The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
6392| [CVE-2013-1139] The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
6393| [CVE-2013-1137] Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
6394| [CVE-2013-1134] The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
6395| [CVE-2013-0149] The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
6396| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
6397| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
6398| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
6399| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
6400| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
6401| [CVE-2012-3817] ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2
6402| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
6403| [CVE-2012-1328] Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
6404| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
6405| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
6406| [CVE-2011-5184] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover
6407| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
6408| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
6409| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
6410| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
6411| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
6412| [CVE-2011-0414] ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
6413| [CVE-2010-3762] ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
6414| [CVE-2010-3615] named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
6415| [CVE-2010-3614] named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
6416| [CVE-2010-3613] named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
6417| [CVE-2010-0382] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
6418| [CVE-2010-0290] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
6419| [CVE-2010-0218] ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
6420| [CVE-2010-0097] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
6421| [CVE-2009-4022] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
6422| [CVE-2009-2028] Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
6423| [CVE-2009-1905] The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
6424| [CVE-2009-0696] The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
6425| [CVE-2009-0265] Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
6426| [CVE-2008-4163] Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
6427| [CVE-2008-0122] Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
6428| [CVE-2007-2926] ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
6429| [CVE-2007-2925] The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
6430| [CVE-2007-2241] Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
6431| [CVE-2007-0493] Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
6432| [CVE-2002-2037] The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
6433| [CVE-2002-0400] ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
6434| [CVE-2001-0497] dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
6435| [CVE-2000-0855] SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
6436| [CVE-2000-0368] Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
6437| [CVE-1999-1466] Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
6438| [CVE-1999-1306] Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
6439| [CVE-1999-1216] Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
6440|
6441| SecurityFocus - https://www.securityfocus.com/bid/:
6442| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
6443| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
6444| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
6445| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
6446| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
6447| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
6448| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
6449| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
6450| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
6451| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
6452| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
6453| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
6454| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
6455| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
6456| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
6457| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
6458| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
6459| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
6460| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
6461| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
6462| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
6463| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
6464| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
6465| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
6466| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
6467| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
6468| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
6469| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
6470| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
6471| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
6472| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
6473| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
6474| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
6475| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
6476| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
6477| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
6478| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
6479| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
6480| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
6481| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
6482| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
6483| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
6484| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
6485| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
6486| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
6487| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
6488| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
6489| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
6490| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
6491| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
6492| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
6493| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
6494| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
6495| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
6496| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
6497| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
6498| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
6499| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
6500| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
6501| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
6502| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
6503| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
6504| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
6505| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
6506| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
6507| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
6508| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
6509| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
6510| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
6511| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
6512| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
6513| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
6514| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
6515| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
6516|
6517| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6518| [85799] Cisco Unified IP Phones 9900 Series directory traversal
6519| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
6520| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
6521| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
6522| [9250] BIND 9 dns_message_findtype() denial of service
6523| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
6524| [539] Microsoft Windows 95 and Internet Explorer password disclosure
6525| [86004] ISC BIND RDATA denial of service
6526| [84767] ISC BIND denial of service
6527| [83066] ISC BIND denial of service
6528| [81504] ISC BIND AAAA denial of service
6529| [80510] ISC BIND DNS64 denial of service
6530| [79121] ISC BIND queries denial of service
6531| [78479] ISC BIND RDATA denial of service
6532| [77185] ISC BIND TCP queries denial of service
6533| [77184] ISC BIND bad cache denial of service
6534| [76034] ISC BIND rdata denial of service
6535| [73053] ISC BIND cache update policy security bypass
6536| [71332] ISC BIND recursive queries denial of service
6537| [68375] ISC BIND UPDATE denial of service
6538| [68374] ISC BIND Response Policy Zones denial of service
6539| [67665] ISC BIND RRSIG Rrsets denial of service
6540| [67297] ISC BIND RRSIG denial of service
6541| [65554] ISC BIND IXFR transfer denial of service
6542| [63602] ISC BIND allow-query security bypass
6543| [63596] ISC BIND zone data security bypass
6544| [63595] ISC BIND RRSIG denial of service
6545| [62072] ISC BIND DNSSEC query denial of service
6546| [62071] ISC BIND ACL security bypass
6547| [61871] ISC BIND anchors denial of service
6548| [60421] ISC BIND RRSIG denial of service
6549| [56049] ISC BIND out-of-bailiwick weak security
6550| [55937] ISC Bind unspecified cache poisoning
6551| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
6552| [54416] ISC BIND DNSSEC cache poisoning
6553| [52073] ISC BIND dns_db_findrdataset() denial of service
6554| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
6555| [45234] ISC BIND UDP denial of service
6556| [39670] ISC BIND inet_network buffer overflow
6557| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
6558| [37128] RHSA update for ISC BIND RRset denial of service not installed
6559| [37127] RHSA update for ISC BIND named service denial of service not installed
6560| [36275] ISC BIND DNS query spoofing
6561| [35575] ISC BIND query ID cache poisoning
6562| [35571] ISC BIND ACL security bypass
6563| [31838] ISC BIND RRset denial of service
6564| [31799] ISC BIND named service denial of service
6565| [29876] HP Tru64 ypbind core dump information disclosure
6566| [28745] ISC BIND DNSSEC RRset denial of service
6567| [28744] ISC BIND recursive INSIST denial of service
6568| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
6569| [18836] BIND hostname disclosure
6570| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
6571| [10333] ISC BIND SIG null pointer dereference denial of service
6572| [10332] ISC BIND OPT resource record (RR) denial of service
6573| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
6574| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
6575| [5814] ISC BIND "
6576| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
6577| [5462] ISC BIND AXFR host command remote buffer overflow
6578|
6579| Exploit-DB - https://www.exploit-db.com:
6580| [25305] ColdFusion 9-10 - Credential Disclosure Exploit
6581| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
6582| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
6583| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
6584| [21812] MS Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure
6585| [21764] MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
6586| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
6587| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
6588| [13448] linux/x86 portbind port 5074 92 bytes
6589| [13388] linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes
6590| [13360] linux/x86 setuid/portbind shellcode 96 bytes
6591| [13245] bsd/x86 setuid/portbind shellcode 94 bytes
6592| [10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
6593| [6775] Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS Exploit
6594| [6236] BIND 9.5.0-P2 (randomized ports) Remote DNS Cache Poisoning Exploit
6595| [6130] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
6596| [6123] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
6597| [6122] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
6598| [4292] Diskeeper 9 Remote Memory Disclosure Exploit
6599| [4266] BIND 9 0.3beta - DNS Cache Poisoning Exploit
6600|
6601| OpenVAS (Nessus) - http://www.openvas.org:
6602| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
6603| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
6604| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
6605| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
6606| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
6607| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
6608| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
6609| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
6610| [11226] Oracle 9iAS default error information disclosure
6611|
6612| SecurityTracker - https://www.securitytracker.com:
6613| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
6614| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
6615| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
6616| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
6617| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
6618| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6619| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6620| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6621| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6622| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6623| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6624| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6625| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6626| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
6627| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
6628| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
6629| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
6630| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
6631| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
6632| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
6633| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
6634| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
6635| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
6636| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
6637| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
6638| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
6639|
6640| OSVDB - http://www.osvdb.org:
6641| [95373] Cisco Unified IP Phones 9900 Series Serviceability Servlet Path Value Handling Arbitrary File Access
6642| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
6643| [76009] Cisco IOS DLSw FST IP Protocol 91 Packet Memory Leak Remote DoS
6644| [73985] Cisco ASR 9000 Series Line Card IPv4 Packet Parsing Remote DoS
6645| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
6646| [34520] Cisco Linksys Multiple Router UDP 916 Remote Information Disclosure
6647| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
6648| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
6649| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
6650| [18220] Oracle 9iAS httpd.confg /perl Location Alias Arbitrary CGI File Script Disclosure
6651| [18218] Oracle 9iAS echo2 Sample Application Information Disclosure
6652| [18217] Oracle 9iAS echo Sample Application Information Disclosure
6653| [18216] Oracle 9iAS printenv Sample Application Information Disclosure
6654| [18215] Oracle 9iAS info.jsp Sample Application Information Disclosure
6655| [6674] Microsoft Office 98 for Macintosh Disk Space Information Disclosure
6656| [3108] Microsoft Office 98 Macintosh Information Disclosure
6657| [1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
6658| [665] Microsoft Windows 95 Online Registration Information Disclosure
6659| [95707] ISC BIND rdata.c RFC 5011 Implementation Malformed RDATA Section Handling Remote DoS
6660| [93913] ISC BIND Recursive Resolver resolver.c Malformed Zone Query Handling Remote DoS
6661| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
6662| [89584] ISC BIND DNS64 Nameserver Response Policy Zone (RPZ) AAAA Record Query Remapping Remote DoS
6663| [89401] Foswiki LocalSite.cfg LDAP BindPassword Plaintext Local Disclosure
6664| [88126] ISC BIND DNS64 IPv6 Transition Mechanism DNS Query Parsing Remote DoS
6665| [86118] ISC BIND Nameserver RDATA Record Query Parsing Remote DoS
6666| [85417] ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS
6667| [84229] ISC BIND Memory Leak TCP Query Parsing ns_client Object Out-of-memory Remote DoS
6668| [84228] ISC BIND Query Handling Bad Cache Data Structure Assertion Remote DoS
6669| [82609] ISC BIND named DNS Resource Record Zero Length Rdata Handling Remote Information Disclosure
6670| [78916] ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness
6671| [77159] ISC BIND Recursive Query Parsing Remote DoS
6672| [73605] ISC BIND UPDATE Request Parsing Remote DoS
6673| [73604] ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
6674| [72540] ISC BIND Caching Resolver Large RRSIG RRsets Negative Caching Remote DoS
6675| [72539] ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
6676| [72172] ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
6677| [69568] ISC BIND named allow-query ACL Restriction Bypass
6678| [69559] ISC BIND named Key Algorithm Rollover Weakness
6679| [69558] ISC BIND named RRSIG Negative Caching DoS
6680| [68271] ISC BIND DNSSEC Query Validation Response Signature Handling Remote DoS
6681| [68270] ISC BIND ACL Application Weakness Cache Recursion Access Restriction Bypass
6682| [66395] ISC BIND RRSIG Requests Infinite Loop DoS
6683| [63373] Apple Mac OS X Server Admin Authenticated Directory Binding Handling Unspecified Open Directory Information Disclosure
6684| [62008] ISC BIND Secure Response Refetch Weakness Unspecified Issue
6685| [62007] ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning
6686| [61853] ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning
6687| [60493] ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning
6688| [59272] ISC BIND named Multiple Symlink Arbitrary File Overwrite
6689| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6690| [57060] ISC BIND DNS Message Malformed TSIG Remote DoS
6691| [56584] ISC BIND Dynamic Update Message Handling Remote DoS
6692| [56411] GNU wget DNS Rebinding Information Disclosure Weakness
6693| [53115] ISC BIND EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
6694| [48243] ISC BIND for Windows UDP Client Handler Remote DoS
6695| [46776] ISC BIND DNS Query ID Field Prediction Cache Poisoning
6696| [42655] ISC BIND on Red Hat Linux /etc/rndc.key Insecure File Permission Local named Manipulation
6697| [41211] ISC BIND libbind inet_network() Function Off-By-One Memory Corruption
6698| [40935] ISC BIND on SUSE Linux Enterprise Server libgssapi named GSS-TSIG Request Remote DoS
6699| [37301] ISC BIND Signed Zone Signature Verification Remote DoS
6700| [36796] ISC BIND Outgoing Query Predictable DNS Query ID
6701| [36236] ISC BIND allow-query-cache/allow-recursion ACL Bypass
6702| [36235] ISC BIND Predictable DNS Query IDs Cache Poisoning
6703| [34753] ISC BIND stub Resolver libbind Crafted Query Remote DoS
6704| [34752] ISC BIND so_linger Remote DoS
6705| [34751] ISC BIND Malformed SIG Record Remote DoS
6706| [34750] ISC BIND Malformed NAPTR Record Local DoS
6707| [34749] ISC BIND named maxdname DoS
6708| [34748] ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS
6709| [31923] ISC BIND Crafted ANY Request Response Multiple RRsets DoS
6710| [31922] ISC BIND Unspecified Freed Fetch Context Dereference DoS
6711| [28558] ISC BIND Recursive Query Saturation DoS
6712| [28557] ISC BIND SIG Query Multiple RRsets Response DoS
6713| [25895] ISC BIND Cached Recursive Query DoS
6714| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
6715| [21353] BindView NetInventory HOSTCFG._NI Deletion Cleartext Password Disclosure
6716| [14878] ISC BIND rdataset Parameter Malformed DNS Packet DoS
6717| [14877] ISC BIND stub Resolver Libraries Malformed DNS Response DoS
6718| [14795] ISC BIND TSIG Handling Code Remote Overflow
6719| [14432] ISC BIND Multiple DNS Resolver Functions Remote Overflow
6720| [13752] ISC BIND host Command AXFR Response Remote Overflow
6721| [13176] ISC BIND q_usedns Array Remote Overflow DoS
6722| [13175] ISC BIND dnssec authvalidated Crafted Packet Remote DoS
6723| [9736] ISC BIND fdmax File Descriptor Consumption DoS
6724| [9735] ISC BIND -DALLOW_UPDATES Option Remote Record Modification
6725| [9734] ISC BIND CNAME Record Zone Transfer DoS
6726| [9733] ISC BIND Malformed DNS Message DoS
6727| [9725] ISC BIND SIG RR Elements Invalid Expirty Times DoS
6728| [9724] ISC BIND OPT Resource Record Large UDP Payload DoS
6729| [9723] Multiple Vendor LDAP Server NULL Bind Connection Information Disclosure
6730| [8330] ISC BIND DNS stub resolver (libresolv.a) DNS Response Overflow
6731| [7990] ISC BIND gethostbyname() DNS Handling Remote Overflow
6732| [5828] ISC BIND named SRV Remote DoS
6733| [5609] ISC BIND dnskeygen HMAC-MD5 Shared Secret Key File Disclosure
6734| [2866] ISC BIND Negative Record Cache Poisoning
6735| [1751] ISC BIND Environment Variable Information Disclosure
6736| [1747] ISC BIND 4 nslookupComplain() Remote Format String
6737| [1746] ISC BIND 4 nslookupComplain() Remote Overflow
6738| [913] ISC BIND Inverse-Query Remote Overflow
6739| [869] ISC BIND named SIG Resource Server Response RR Overflow
6740| [448] ISC BIND Compressed ZXFR Name Service Query Remote DoS
6741| [438] ISC BIND Predictable Query ID DNS Cache Poisoning
6742| [24] ISC BIND NXT Record Overflow
6743|_
80/tcp open http Apache httpd
6745|_http-server-header: Apache
6746| vulscan: VulDB - https://vuldb.com:
6747| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
6748| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
6749| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
6750| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
6751| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
6752| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
6753| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
6754| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
6755| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
6756| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
6757| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
6758| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
6759| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
6760| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
6761| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
6762| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
6763| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
6764| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
6765| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
6766| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
6767| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
6768| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
6769| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
6770| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
6771| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
6772| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
6773| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
6774| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
6775| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
6776| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
6777| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
6778| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
6779| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
6780| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
6781| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
6782| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
6783| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
6784| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
6785| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
6786| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
6787| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
6788| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
6789| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
6790| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
6791| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
6792| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
6793| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
6794| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
6795| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
6796| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
6797| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
6798| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
6799| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
6800| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
6801| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
6802| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
6803| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
6804| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
6805| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
6806| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
6807| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
6808| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
6809| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
6810| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
6811| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
6812| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
6813| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
6814| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
6815| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
6816| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
6817| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
6818| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
6819| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
6820| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
6821| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
6822| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
6823| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
6824| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
6825| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
6826| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
6827| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
6828| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
6829| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
6830| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
6831| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
6832| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
6833| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
6834| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
6835| [136370] Apache Fineract up to 1.2.x sql injection
6836| [136369] Apache Fineract up to 1.2.x sql injection
6837| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
6838| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
6839| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
6840| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
6841| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
6842| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
6843| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
6844| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
6845| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
6846| [134416] Apache Sanselan 0.97-incubator Loop denial of service
6847| [134415] Apache Sanselan 0.97-incubator Hang denial of service
6848| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
6849| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
6850| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
6851| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
6852| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
6853| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
6854| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
6855| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
6856| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
6857| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
6858| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
6859| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
6860| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
6861| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
6862| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
6863| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
6864| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
6865| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
6866| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
6867| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
6868| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
6869| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
6870| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
6871| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
6872| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
6873| [131859] Apache Hadoop up to 2.9.1 privilege escalation
6874| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
6875| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
6876| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
6877| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
6878| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
6879| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
6880| [130629] Apache Guacamole Cookie Flag weak encryption
6881| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
6882| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
6883| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
6884| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
6885| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
6886| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
6887| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
6888| [130123] Apache Airflow up to 1.8.2 information disclosure
6889| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
6890| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
6891| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
6892| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
6893| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
6894| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
6895| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
6896| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
6897| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
6898| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
6899| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
6900| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
6901| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
6902| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
6903| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
6904| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
6905| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
6906| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
6907| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
6908| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
6909| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
6910| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
6911| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
6912| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
6913| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
6914| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
6915| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
6916| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
6917| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
6918| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
6919| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
6920| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
6921| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
6922| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
6923| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
6924| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
6925| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
6926| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
6927| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
6928| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
6929| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
6930| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
6931| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
6932| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
6933| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
6934| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
6935| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
6936| [127007] Apache Spark Request Code Execution
6937| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
6938| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
6939| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
6940| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
6941| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
6942| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
6943| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
6944| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
6945| [126346] Apache Tomcat Path privilege escalation
6946| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
6947| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
6948| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
6949| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7362| [98605] Apple macOS up to 10.12.3 Apache denial of service
7363| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
7742| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8092| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8093| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8094| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8095| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8096| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8097| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8098| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8099| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8100| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8101| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8102| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8103| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8104| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8105| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8106| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8107| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8108| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8109| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8110| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8111| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8112| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8113| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8114| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8115| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8116| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8117| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8118| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8119| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8120| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8121| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8122| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8123| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8124| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8125| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8126| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8127| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8128| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8129| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8130| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8131| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8132| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8133| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8134| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8135| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8136| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8137| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8138| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8139| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8140| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8141| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8142| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8143| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8144| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8145| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8146| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8147| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8148| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8149| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8150| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8151| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8152| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8153| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8154| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8155| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8156| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8157| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8158| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8159| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8160| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8161| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8162| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
8163| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
8164| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
8165| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
8166| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
8167| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
8168| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
8169| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
8170| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
8171| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
8172| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
8173| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
8174| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
8175| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
8176| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8177| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8178| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8179| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8180| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8181| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8182| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8287| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8288| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8289| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8380| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8381| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8382| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8383| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8384| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8385| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8386| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8387| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8388| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8389| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8390| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8391| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8392| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8393| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8394| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8395| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8396| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8397| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8398| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8399| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8400| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8401| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8402| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8403| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8404| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8405| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8406| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8407| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8408| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8409| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8410| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8411| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8412| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8413| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8414| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8415| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8416| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8417| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8418| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8419| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8420| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8421| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8422| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8423| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8424| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8425| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8426| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8427| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8428| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8429| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8430| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8431| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8432| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8433| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8434| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8435| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8436| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8437| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8438| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8439| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8440| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8441| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
8442| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8443| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8444| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8445| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8446| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8447| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8448| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8449| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8450| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8451| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8452| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8453| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8454| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8455| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8456| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8457| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8458| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8459| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8460| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8461| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8462| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8463| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8464| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8465| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8466| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8467| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8468| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8469| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8470| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8471| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
8472| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
8473| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
8474| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
8475| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
8476| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
8477| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
8478| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
8479| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
8480| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
8481| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
8482| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8483| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8484| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8485| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8486| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
8487| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8488| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8489| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8490| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8491| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8492| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8493| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8494| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8495| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8496| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8497| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8498| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8499| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8500| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8501| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8502| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8503| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8504| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8505| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8506| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8507| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8508| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8509| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8510| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8511| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8512| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8513| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8514| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8515| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8516| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8517| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8518| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8519| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8520| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8521| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8522| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8523| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8524| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8525| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8526| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8527| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8528| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8529| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8530| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8531| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8532| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8533| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8534| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8535| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8536| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8537| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8538| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8539| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8540| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8541| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8542| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8543| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8544| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8545| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8546| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8547| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8548| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8549| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8550| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8551| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8552| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8553| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8554| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8555| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8556| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8557| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8558| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
8559| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8560| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8561| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8562| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8563| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8564| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8565| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
8566| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8567| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8568| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8569| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8570| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8571| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8572| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
8573| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
8574| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
8575| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
8576| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
8577| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
8578| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
8579| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
8580| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
8581| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
8582| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
8583| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
8584| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
8585| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
8586| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
8587| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
8588| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
8589| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
8590| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
8591| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
8592| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
8593| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
8594| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
8595| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
8596| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8597| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8598| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8599| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8600| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8601| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8602| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8603| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8604| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8605| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8606| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8607| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8608| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8609| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8610| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8611| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8612| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8613| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8614| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8615| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8616| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8617| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8618| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8619| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8620| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8621| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8622| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
8623| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
8624| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
8625| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
8626| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
8627| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
8628| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
8629| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
8630| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
8631| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8632| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
8633| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
8634| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
8635| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
8636| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
8637| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
8638| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
8639| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
8640| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
8641| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
8642| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
8643| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
8644| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
8645| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
8646| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
8647| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
8648| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
8649| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
8650| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
8651| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
8652| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
8653| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
8654| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
8655| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
8656| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
8657| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
8658| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
8659| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
8660| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
8661| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
8662| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
8663| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
8664| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
8665| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
8666| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
8667| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
8668| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
8669| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
8670| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
8671| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
8672| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
8673| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
8674|
8675| SecurityFocus - https://www.securityfocus.com/bid/:
8676| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
8677| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
8678| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
8679| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
8680| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
8681| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
8682| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
8683| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
8684| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
8685| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
8686| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
8687| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
8688| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
8689| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
8690| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
8691| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
8692| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
8693| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
8694| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
8695| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
8696| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
8697| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
8698| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
8699| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
8700| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
8701| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
8702| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
8703| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
8704| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
8705| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
8706| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
8707| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
8708| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
8709| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
8710| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
8711| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
8712| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
8713| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
8714| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
8715| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
8716| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
8717| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
8718| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
8719| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
8720| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
8721| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
8722| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
8723| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
8724| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
8725| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
8726| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
8727| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
8728| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
8729| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
8730| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
8731| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
8732| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
8733| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
8734| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
8735| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
8736| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
8737| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
8738| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
8739| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
8740| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
8741| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
8742| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
8743| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
8744| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
8745| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
8746| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
8747| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
8748| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
8749| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
8750| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
8751| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
8752| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
8753| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
8754| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
8755| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
8756| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
8757| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
8758| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
8759| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
8760| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
8761| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
8762| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
8763| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
8764| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
8765| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
8766| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
8767| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
8768| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
8769| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
8770| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
8771| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
8772| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
8773| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
8774| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
8775| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
8776| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
8777| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
8778| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
8779| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
8780| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
8781| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
8782| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
8783| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
8784| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
8785| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
8786| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
8787| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
8788| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
8789| [100447] Apache2Triad Multiple Security Vulnerabilities
8790| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
8791| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
8792| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
8793| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
8794| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
8795| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
8796| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
8797| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
8798| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
8799| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
8800| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
8801| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
8802| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
8803| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
8804| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
8805| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
8806| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
8807| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
8808| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
8809| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
8810| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
8811| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
8812| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
8813| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
8814| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
8815| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
8816| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
8817| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
8818| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
8819| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
8820| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
8821| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
8822| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
8823| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
8824| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
8825| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
8826| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
8827| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
8828| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
8829| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
8830| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
8831| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
8832| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
8833| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
8834| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
8835| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
8836| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
8837| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
8838| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
8839| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
8840| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
8841| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
8842| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
8843| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
8844| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
8845| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
8846| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
8847| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
8848| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
8849| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
8850| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
8851| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
8852| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
8853| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
8854| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
8855| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
8856| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
8857| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
8858| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
8859| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
8860| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
8861| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
8862| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
8863| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
8864| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
8865| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
8866| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
8867| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
8868| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
8869| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
8870| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
8871| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
8872| [95675] Apache Struts Remote Code Execution Vulnerability
8873| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
8874| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
8875| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
8876| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
8877| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
8878| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
8879| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
8880| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
8881| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
8882| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
8883| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
8884| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
8885| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
8886| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
8887| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
8888| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
8889| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
8890| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
8891| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
8892| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
8893| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
8894| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
8895| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
8896| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
8897| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
8898| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
8899| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
8900| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
8901| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
8902| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
8903| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
8904| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
8905| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
8906| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
8907| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
8908| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
8909| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
8910| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
8911| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
8912| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
8913| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
8914| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
8915| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
8916| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
8917| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
8918| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
8919| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
8920| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
8921| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
8922| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
8923| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
8924| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
8925| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
8926| [91736] Apache XML-RPC Multiple Security Vulnerabilities
8927| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
8928| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
8929| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
8930| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
8931| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
8932| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
8933| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
8934| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
8935| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
8936| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
8937| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
8938| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
8939| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
8940| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
8941| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
8942| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
8943| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
8944| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
8945| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
8946| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
8947| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
8948| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
8949| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
8950| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
8951| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
8952| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
8953| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
8954| [90482] Apache CVE-2004-1387 Local Security Vulnerability
8955| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
8956| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
8957| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
8958| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
8959| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
8960| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
8961| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
8962| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
8963| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
8964| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
8965| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
8966| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
8967| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
8968| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
8969| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
8970| [86399] Apache CVE-2007-1743 Local Security Vulnerability
8971| [86397] Apache CVE-2007-1742 Local Security Vulnerability
8972| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
8973| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
8974| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
8975| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
8976| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
8977| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
8978| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
8979| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
8980| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
8981| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
8982| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
8983| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
8984| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
8985| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
8986| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
8987| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
8988| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
8989| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
8990| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
8991| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
8992| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
8993| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
8994| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
8995| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
8996| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
8997| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
8998| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
8999| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
9000| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
9001| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
9002| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
9003| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
9004| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
9005| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
9006| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
9007| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
9008| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
9009| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
9010| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
9011| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
9012| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
9013| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
9014| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
9015| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
9016| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
9017| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
9018| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
9019| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
9020| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
9021| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
9022| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
9023| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
9024| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
9025| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
9026| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
9027| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
9028| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
9029| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
9030| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
9031| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
9032| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
9033| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
9034| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
9035| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
9036| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
9037| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
9038| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
9039| [76933] Apache James Server Unspecified Command Execution Vulnerability
9040| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
9041| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
9042| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
9043| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
9044| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
9045| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
9046| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
9047| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
9048| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
9049| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
9050| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
9051| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
9052| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
9053| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
9054| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
9055| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
9056| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
9057| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
9058| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
9059| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
9060| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
9061| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
9062| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
9063| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
9064| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
9065| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
9066| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
9067| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
9068| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
9069| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
9070| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
9071| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
9072| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
9073| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
9074| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
9075| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
9076| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
9077| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
9078| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
9079| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
9080| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
9081| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
9082| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
9083| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
9084| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
9085| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
9086| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
9087| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
9088| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
9089| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
9090| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
9091| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
9092| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
9093| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
9094| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
9095| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
9096| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
9097| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
9098| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
9099| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
9100| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
9101| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
9102| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
9103| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
9104| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
9105| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
9106| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
9107| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
9108| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
9109| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
9110| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
9111| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
9112| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
9113| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
9114| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
9115| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
9116| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
9117| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
9118| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
9119| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
9120| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
9121| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
9122| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
9123| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
9124| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
9125| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
9126| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
9127| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
9128| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
9129| [68229] Apache Harmony PRNG Entropy Weakness
9130| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
9131| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
9132| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
9133| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
9564| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
9565| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
9566| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
9567| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
9568| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
9569| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
9570| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
9571| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
9572| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
9573| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
9574| [7255] Apache Web Server File Descriptor Leakage Vulnerability
9575| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
9576| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
9577| [6939] Apache Web Server ETag Header Information Disclosure Weakness
9578| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
9579| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
9580| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
9581| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
9582| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
9583| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
9584| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
9585| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
9586| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
9587| [6117] Apache mod_php File Descriptor Leakage Vulnerability
9588| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
9589| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
9590| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
9591| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
9592| [5992] Apache HTDigest Insecure Temporary File Vulnerability
9593| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
9594| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
9595| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
9596| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
9597| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
9598| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
9599| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
9600| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
9601| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
9602| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
9603| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
9604| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
9605| [5485] Apache 2.0 Path Disclosure Vulnerability
9606| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9607| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
9608| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
9609| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
9610| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
9611| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
9612| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
9613| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
9614| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
9615| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
9616| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
9617| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
9618| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
9619| [4437] Apache Error Message Cross-Site Scripting Vulnerability
9620| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
9621| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
9622| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
9623| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
9624| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
9625| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
9626| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
9627| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
9628| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
9629| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
9630| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
9631| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
9632| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
9633| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
9634| [3596] Apache Split-Logfile File Append Vulnerability
9635| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
9636| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
9637| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
9638| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
9639| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
9640| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
9641| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
9642| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
9643| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
9644| [3169] Apache Server Address Disclosure Vulnerability
9645| [3009] Apache Possible Directory Index Disclosure Vulnerability
9646| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
9647| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
9648| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
9649| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
9650| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
9651| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
9652| [2216] Apache Web Server DoS Vulnerability
9653| [2182] Apache /tmp File Race Vulnerability
9654| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
9655| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
9656| [1821] Apache mod_cookies Buffer Overflow Vulnerability
9657| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
9658| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
9659| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
9660| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
9661| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
9662| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
9663| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
9664| [1457] Apache::ASP source.asp Example Script Vulnerability
9665| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
9666| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
9667|
9668| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9669| [86258] Apache CloudStack text fields cross-site scripting
9670| [85983] Apache Subversion mod_dav_svn module denial of service
9671| [85875] Apache OFBiz UEL code execution
9672| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
9673| [85871] Apache HTTP Server mod_session_dbd unspecified
9674| [85756] Apache Struts OGNL expression command execution
9675| [85755] Apache Struts DefaultActionMapper class open redirect
9676| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
9677| [85574] Apache HTTP Server mod_dav denial of service
9678| [85573] Apache Struts Showcase App OGNL code execution
9679| [85496] Apache CXF denial of service
9680| [85423] Apache Geronimo RMI classloader code execution
9681| [85326] Apache Santuario XML Security for C++ buffer overflow
9682| [85323] Apache Santuario XML Security for Java spoofing
9683| [85319] Apache Qpid Python client SSL spoofing
9684| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
9685| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
9686| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
9687| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
9688| [84952] Apache Tomcat CVE-2012-3544 denial of service
9689| [84763] Apache Struts CVE-2013-2135 security bypass
9690| [84762] Apache Struts CVE-2013-2134 security bypass
9691| [84719] Apache Subversion CVE-2013-2088 command execution
9692| [84718] Apache Subversion CVE-2013-2112 denial of service
9693| [84717] Apache Subversion CVE-2013-1968 denial of service
9694| [84577] Apache Tomcat security bypass
9695| [84576] Apache Tomcat symlink
9696| [84543] Apache Struts CVE-2013-2115 security bypass
9697| [84542] Apache Struts CVE-2013-1966 security bypass
9698| [84154] Apache Tomcat session hijacking
9699| [84144] Apache Tomcat denial of service
9700| [84143] Apache Tomcat information disclosure
9701| [84111] Apache HTTP Server command execution
9702| [84043] Apache Virtual Computing Lab cross-site scripting
9703| [84042] Apache Virtual Computing Lab cross-site scripting
9704| [83782] Apache CloudStack information disclosure
9705| [83781] Apache CloudStack security bypass
9706| [83720] Apache ActiveMQ cross-site scripting
9707| [83719] Apache ActiveMQ denial of service
9708| [83718] Apache ActiveMQ denial of service
9709| [83263] Apache Subversion denial of service
9710| [83262] Apache Subversion denial of service
9711| [83261] Apache Subversion denial of service
9712| [83259] Apache Subversion denial of service
9713| [83035] Apache mod_ruid2 security bypass
9714| [82852] Apache Qpid federation_tag security bypass
9715| [82851] Apache Qpid qpid::framing::Buffer denial of service
9716| [82758] Apache Rave User RPC API information disclosure
9717| [82663] Apache Subversion svn_fs_file_length() denial of service
9718| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
9719| [82641] Apache Qpid AMQP denial of service
9720| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
9721| [82618] Apache Commons FileUpload symlink
9722| [82360] Apache HTTP Server manager interface cross-site scripting
9723| [82359] Apache HTTP Server hostnames cross-site scripting
9724| [82338] Apache Tomcat log/logdir information disclosure
9725| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
9726| [82268] Apache OpenJPA deserialization command execution
9727| [81981] Apache CXF UsernameTokens security bypass
9728| [81980] Apache CXF WS-Security security bypass
9729| [81398] Apache OFBiz cross-site scripting
9730| [81240] Apache CouchDB directory traversal
9731| [81226] Apache CouchDB JSONP code execution
9732| [81225] Apache CouchDB Futon user interface cross-site scripting
9733| [81211] Apache Axis2/C SSL spoofing
9734| [81167] Apache CloudStack DeployVM information disclosure
9735| [81166] Apache CloudStack AddHost API information disclosure
9736| [81165] Apache CloudStack createSSHKeyPair API information disclosure
9737| [80518] Apache Tomcat cross-site request forgery security bypass
9738| [80517] Apache Tomcat FormAuthenticator security bypass
9739| [80516] Apache Tomcat NIO denial of service
9740| [80408] Apache Tomcat replay-countermeasure security bypass
9741| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
9742| [80317] Apache Tomcat slowloris denial of service
9743| [79984] Apache Commons HttpClient SSL spoofing
9744| [79983] Apache CXF SSL spoofing
9745| [79830] Apache Axis2/Java SSL spoofing
9746| [79829] Apache Axis SSL spoofing
9747| [79809] Apache Tomcat DIGEST security bypass
9748| [79806] Apache Tomcat parseHeaders() denial of service
9749| [79540] Apache OFBiz unspecified
9750| [79487] Apache Axis2 SAML security bypass
9751| [79212] Apache Cloudstack code execution
9752| [78734] Apache CXF SOAP Action security bypass
9753| [78730] Apache Qpid broker denial of service
9754| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
9755| [78563] Apache mod_pagespeed module unspecified cross-site scripting
9756| [78562] Apache mod_pagespeed module security bypass
9757| [78454] Apache Axis2 security bypass
9758| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
9759| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
9760| [78321] Apache Wicket unspecified cross-site scripting
9761| [78183] Apache Struts parameters denial of service
9762| [78182] Apache Struts cross-site request forgery
9763| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
9764| [77987] mod_rpaf module for Apache denial of service
9765| [77958] Apache Struts skill name code execution
9766| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
9767| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
9768| [77568] Apache Qpid broker security bypass
9769| [77421] Apache Libcloud spoofing
9770| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
9771| [77046] Oracle Solaris Apache HTTP Server information disclosure
9772| [76837] Apache Hadoop information disclosure
9773| [76802] Apache Sling CopyFrom denial of service
9774| [76692] Apache Hadoop symlink
9775| [76535] Apache Roller console cross-site request forgery
9776| [76534] Apache Roller weblog cross-site scripting
9777| [76152] Apache CXF elements security bypass
9778| [76151] Apache CXF child policies security bypass
9779| [75983] MapServer for Windows Apache file include
9780| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
9781| [75558] Apache POI denial of service
9782| [75545] PHP apache_request_headers() buffer overflow
9783| [75302] Apache Qpid SASL security bypass
9784| [75211] Debian GNU/Linux apache 2 cross-site scripting
9785| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
9786| [74871] Apache OFBiz FlexibleStringExpander code execution
9787| [74870] Apache OFBiz multiple cross-site scripting
9788| [74750] Apache Hadoop unspecified spoofing
9789| [74319] Apache Struts XSLTResult.java file upload
9790| [74313] Apache Traffic Server header buffer overflow
9791| [74276] Apache Wicket directory traversal
9792| [74273] Apache Wicket unspecified cross-site scripting
9793| [74181] Apache HTTP Server mod_fcgid module denial of service
9794| [73690] Apache Struts OGNL code execution
9795| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
9796| [73100] Apache MyFaces in directory traversal
9797| [73096] Apache APR hash denial of service
9798| [73052] Apache Struts name cross-site scripting
9799| [73030] Apache CXF UsernameToken security bypass
9800| [72888] Apache Struts lastName cross-site scripting
9801| [72758] Apache HTTP Server httpOnly information disclosure
9802| [72757] Apache HTTP Server MPM denial of service
9803| [72585] Apache Struts ParameterInterceptor security bypass
9804| [72438] Apache Tomcat Digest security bypass
9805| [72437] Apache Tomcat Digest security bypass
9806| [72436] Apache Tomcat DIGEST security bypass
9807| [72425] Apache Tomcat parameter denial of service
9808| [72422] Apache Tomcat request object information disclosure
9809| [72377] Apache HTTP Server scoreboard security bypass
9810| [72345] Apache HTTP Server HTTP request denial of service
9811| [72229] Apache Struts ExceptionDelegator command execution
9812| [72089] Apache Struts ParameterInterceptor directory traversal
9813| [72088] Apache Struts CookieInterceptor command execution
9814| [72047] Apache Geronimo hash denial of service
9815| [72016] Apache Tomcat hash denial of service
9816| [71711] Apache Struts OGNL expression code execution
9817| [71654] Apache Struts interfaces security bypass
9818| [71620] Apache ActiveMQ failover denial of service
9819| [71617] Apache HTTP Server mod_proxy module information disclosure
9820| [71508] Apache MyFaces EL security bypass
9821| [71445] Apache HTTP Server mod_proxy security bypass
9822| [71203] Apache Tomcat servlets privilege escalation
9823| [71181] Apache HTTP Server ap_pregsub() denial of service
9824| [71093] Apache HTTP Server ap_pregsub() buffer overflow
9825| [70336] Apache HTTP Server mod_proxy information disclosure
9826| [69804] Apache HTTP Server mod_proxy_ajp denial of service
9827| [69472] Apache Tomcat AJP security bypass
9828| [69396] Apache HTTP Server ByteRange filter denial of service
9829| [69394] Apache Wicket multi window support cross-site scripting
9830| [69176] Apache Tomcat XML information disclosure
9831| [69161] Apache Tomcat jsvc information disclosure
9832| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
9833| [68541] Apache Tomcat sendfile information disclosure
9834| [68420] Apache XML Security denial of service
9835| [68238] Apache Tomcat JMX information disclosure
9836| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
9837| [67804] Apache Subversion control rules information disclosure
9838| [67803] Apache Subversion control rules denial of service
9839| [67802] Apache Subversion baselined denial of service
9840| [67672] Apache Archiva multiple cross-site scripting
9841| [67671] Apache Archiva multiple cross-site request forgery
9842| [67564] Apache APR apr_fnmatch() denial of service
9843| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
9844| [67515] Apache Tomcat annotations security bypass
9845| [67480] Apache Struts s:submit information disclosure
9846| [67414] Apache APR apr_fnmatch() denial of service
9847| [67356] Apache Struts javatemplates cross-site scripting
9848| [67354] Apache Struts Xwork cross-site scripting
9849| [66676] Apache Tomcat HTTP BIO information disclosure
9850| [66675] Apache Tomcat web.xml security bypass
9851| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
9852| [66241] Apache HttpComponents information disclosure
9853| [66154] Apache Tomcat ServletSecurity security bypass
9854| [65971] Apache Tomcat ServletSecurity security bypass
9855| [65876] Apache Subversion mod_dav_svn denial of service
9856| [65343] Apache Continuum unspecified cross-site scripting
9857| [65162] Apache Tomcat NIO connector denial of service
9858| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
9859| [65160] Apache Tomcat HTML Manager interface cross-site scripting
9860| [65159] Apache Tomcat ServletContect security bypass
9861| [65050] Apache CouchDB web-based administration UI cross-site scripting
9862| [64773] Oracle HTTP Server Apache Plugin unauthorized access
9863| [64473] Apache Subversion blame -g denial of service
9864| [64472] Apache Subversion walk() denial of service
9865| [64407] Apache Axis2 CVE-2010-0219 code execution
9866| [63926] Apache Archiva password privilege escalation
9867| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
9868| [63493] Apache Archiva credentials cross-site request forgery
9869| [63477] Apache Tomcat HttpOnly session hijacking
9870| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
9871| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
9872| [62959] Apache Shiro filters security bypass
9873| [62790] Apache Perl cgi module denial of service
9874| [62576] Apache Qpid exchange denial of service
9875| [62575] Apache Qpid AMQP denial of service
9876| [62354] Apache Qpid SSL denial of service
9877| [62235] Apache APR-util apr_brigade_split_line() denial of service
9878| [62181] Apache XML-RPC SAX Parser information disclosure
9879| [61721] Apache Traffic Server cache poisoning
9880| [61202] Apache Derby BUILTIN authentication functionality information disclosure
9881| [61186] Apache CouchDB Futon cross-site request forgery
9882| [61169] Apache CXF DTD denial of service
9883| [61070] Apache Jackrabbit search.jsp SQL injection
9884| [61006] Apache SLMS Quoting cross-site request forgery
9885| [60962] Apache Tomcat time cross-site scripting
9886| [60883] Apache mod_proxy_http information disclosure
9887| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
9888| [60264] Apache Tomcat Transfer-Encoding denial of service
9889| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
9890| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
9891| [59413] Apache mod_proxy_http timeout information disclosure
9892| [59058] Apache MyFaces unencrypted view state cross-site scripting
9893| [58827] Apache Axis2 xsd file include
9894| [58790] Apache Axis2 modules cross-site scripting
9895| [58299] Apache ActiveMQ queueBrowse cross-site scripting
9896| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
9897| [58056] Apache ActiveMQ .jsp source code disclosure
9898| [58055] Apache Tomcat realm name information disclosure
9899| [58046] Apache HTTP Server mod_auth_shadow security bypass
9900| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
9901| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
9902| [57429] Apache CouchDB algorithms information disclosure
9903| [57398] Apache ActiveMQ Web console cross-site request forgery
9904| [57397] Apache ActiveMQ createDestination.action cross-site scripting
9905| [56653] Apache HTTP Server DNS spoofing
9906| [56652] Apache HTTP Server DNS cross-site scripting
9907| [56625] Apache HTTP Server request header information disclosure
9908| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
9909| [56623] Apache HTTP Server mod_proxy_ajp denial of service
9910| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
9911| [55857] Apache Tomcat WAR files directory traversal
9912| [55856] Apache Tomcat autoDeploy attribute security bypass
9913| [55855] Apache Tomcat WAR directory traversal
9914| [55210] Intuit component for Joomla! Apache information disclosure
9915| [54533] Apache Tomcat 404 error page cross-site scripting
9916| [54182] Apache Tomcat admin default password
9917| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
9918| [53666] Apache HTTP Server Solaris pollset support denial of service
9919| [53650] Apache HTTP Server HTTP basic-auth module security bypass
9920| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
9921| [53041] mod_proxy_ftp module for Apache denial of service
9922| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
9923| [51953] Apache Tomcat Path Disclosure
9924| [51952] Apache Tomcat Path Traversal
9925| [51951] Apache stronghold-status Information Disclosure
9926| [51950] Apache stronghold-info Information Disclosure
9927| [51949] Apache PHP Source Code Disclosure
9928| [51948] Apache Multiviews Attack
9929| [51946] Apache JServ Environment Status Information Disclosure
9930| [51945] Apache error_log Information Disclosure
9931| [51944] Apache Default Installation Page Pattern Found
9932| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
9933| [51942] Apache AXIS XML External Entity File Retrieval
9934| [51941] Apache AXIS Sample Servlet Information Leak
9935| [51940] Apache access_log Information Disclosure
9936| [51626] Apache mod_deflate denial of service
9937| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
9938| [51365] Apache Tomcat RequestDispatcher security bypass
9939| [51273] Apache HTTP Server Incomplete Request denial of service
9940| [51195] Apache Tomcat XML information disclosure
9941| [50994] Apache APR-util xml/apr_xml.c denial of service
9942| [50993] Apache APR-util apr_brigade_vprintf denial of service
9943| [50964] Apache APR-util apr_strmatch_precompile() denial of service
9944| [50930] Apache Tomcat j_security_check information disclosure
9945| [50928] Apache Tomcat AJP denial of service
9946| [50884] Apache HTTP Server XML ENTITY denial of service
9947| [50808] Apache HTTP Server AllowOverride privilege escalation
9948| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
9949| [50059] Apache mod_proxy_ajp information disclosure
9950| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
9951| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
9952| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
9953| [49921] Apache ActiveMQ Web interface cross-site scripting
9954| [49898] Apache Geronimo Services/Repository directory traversal
9955| [49725] Apache Tomcat mod_jk module information disclosure
9956| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
9957| [49712] Apache Struts unspecified cross-site scripting
9958| [49213] Apache Tomcat cal2.jsp cross-site scripting
9959| [48934] Apache Tomcat POST doRead method information disclosure
9960| [48211] Apache Tomcat header HTTP request smuggling
9961| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
9962| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
9963| [47709] Apache Roller "
9964| [47104] Novell Netware ApacheAdmin console security bypass
9965| [47086] Apache HTTP Server OS fingerprinting unspecified
9966| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
9967| [45791] Apache Tomcat RemoteFilterValve security bypass
9968| [44435] Oracle WebLogic Apache Connector buffer overflow
9969| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
9970| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
9971| [44156] Apache Tomcat RequestDispatcher directory traversal
9972| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
9973| [43885] Oracle WebLogic Server Apache Connector buffer overflow
9974| [42987] Apache HTTP Server mod_proxy module denial of service
9975| [42915] Apache Tomcat JSP files path disclosure
9976| [42914] Apache Tomcat MS-DOS path disclosure
9977| [42892] Apache Tomcat unspecified unauthorized access
9978| [42816] Apache Tomcat Host Manager cross-site scripting
9979| [42303] Apache 403 error cross-site scripting
9980| [41618] Apache-SSL ExpandCert() authentication bypass
9981| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
9982| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
9983| [40614] Apache mod_jk2 HTTP Host header buffer overflow
9984| [40562] Apache Geronimo init information disclosure
9985| [40478] Novell Web Manager webadmin-apache.conf security bypass
9986| [40411] Apache Tomcat exception handling information disclosure
9987| [40409] Apache Tomcat native (APR based) connector weak security
9988| [40403] Apache Tomcat quotes and %5C cookie information disclosure
9989| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
9990| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
9991| [39867] Apache HTTP Server mod_negotiation cross-site scripting
9992| [39804] Apache Tomcat SingleSignOn information disclosure
9993| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
9994| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
9995| [39608] Apache HTTP Server balancer manager cross-site request forgery
9996| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
9997| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
9998| [39472] Apache HTTP Server mod_status cross-site scripting
9999| [39201] Apache Tomcat JULI logging weak security
10000| [39158] Apache HTTP Server Windows SMB shares information disclosure
10001| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10002| [38951] Apache::AuthCAS Perl module cookie SQL injection
10003| [38800] Apache HTTP Server 413 error page cross-site scripting
10004| [38211] Apache Geronimo SQLLoginModule authentication bypass
10005| [37243] Apache Tomcat WebDAV directory traversal
10006| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10007| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10008| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10009| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10010| [36782] Apache Geronimo MEJB unauthorized access
10011| [36586] Apache HTTP Server UTF-7 cross-site scripting
10012| [36468] Apache Geronimo LoginModule security bypass
10013| [36467] Apache Tomcat functions.jsp cross-site scripting
10014| [36402] Apache Tomcat calendar cross-site request forgery
10015| [36354] Apache HTTP Server mod_proxy module denial of service
10016| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10017| [36336] Apache Derby lock table privilege escalation
10018| [36335] Apache Derby schema privilege escalation
10019| [36006] Apache Tomcat "
10020| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10021| [35999] Apache Tomcat \"
10022| [35795] Apache Tomcat CookieExample cross-site scripting
10023| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10024| [35384] Apache HTTP Server mod_cache module denial of service
10025| [35097] Apache HTTP Server mod_status module cross-site scripting
10026| [35095] Apache HTTP Server Prefork MPM module denial of service
10027| [34984] Apache HTTP Server recall_headers information disclosure
10028| [34966] Apache HTTP Server MPM content spoofing
10029| [34965] Apache HTTP Server MPM information disclosure
10030| [34963] Apache HTTP Server MPM multiple denial of service
10031| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10032| [34869] Apache Tomcat JSP example Web application cross-site scripting
10033| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10034| [34496] Apache Tomcat JK Connector security bypass
10035| [34377] Apache Tomcat hello.jsp cross-site scripting
10036| [34212] Apache Tomcat SSL configuration security bypass
10037| [34210] Apache Tomcat Accept-Language cross-site scripting
10038| [34209] Apache Tomcat calendar application cross-site scripting
10039| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10040| [34167] Apache Axis WSDL file path disclosure
10041| [34068] Apache Tomcat AJP connector information disclosure
10042| [33584] Apache HTTP Server suEXEC privilege escalation
10043| [32988] Apache Tomcat proxy module directory traversal
10044| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10045| [32708] Debian Apache tty privilege escalation
10046| [32441] ApacheStats extract() PHP call unspecified
10047| [32128] Apache Tomcat default account
10048| [31680] Apache Tomcat RequestParamExample cross-site scripting
10049| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10050| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10051| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10052| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10053| [29550] Apache mod_tcl set_var() format string
10054| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10055| [28357] Apache HTTP Server mod_alias script source information disclosure
10056| [28063] Apache mod_rewrite off-by-one buffer overflow
10057| [27902] Apache Tomcat URL information disclosure
10058| [26786] Apache James SMTP server denial of service
10059| [25680] libapache2 /tmp/svn file upload
10060| [25614] Apache Struts lookupMap cross-site scripting
10061| [25613] Apache Struts ActionForm denial of service
10062| [25612] Apache Struts isCancelled() security bypass
10063| [24965] Apache mod_python FileSession command execution
10064| [24716] Apache James spooler memory leak denial of service
10065| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
10066| [24158] Apache Geronimo jsp-examples cross-site scripting
10067| [24030] Apache auth_ldap module multiple format strings
10068| [24008] Apache mod_ssl custom error message denial of service
10069| [24003] Apache mod_auth_pgsql module multiple syslog format strings
10070| [23612] Apache mod_imap referer field cross-site scripting
10071| [23173] Apache Struts error message cross-site scripting
10072| [22942] Apache Tomcat directory listing denial of service
10073| [22858] Apache Multi-Processing Module code allows denial of service
10074| [22602] RHSA-2005:582 updates for Apache httpd not installed
10075| [22520] Apache mod-auth-shadow "
10076| [22466] ApacheTop symlink
10077| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
10078| [22006] Apache HTTP Server byte-range filter denial of service
10079| [21567] Apache mod_ssl off-by-one buffer overflow
10080| [21195] Apache HTTP Server header HTTP request smuggling
10081| [20383] Apache HTTP Server htdigest buffer overflow
10082| [19681] Apache Tomcat AJP12 request denial of service
10083| [18993] Apache HTTP server check_forensic symlink attack
10084| [18790] Apache Tomcat Manager cross-site scripting
10085| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
10086| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
10087| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
10088| [17961] Apache Web server ServerTokens has not been set
10089| [17930] Apache HTTP Server HTTP GET request denial of service
10090| [17785] Apache mod_include module buffer overflow
10091| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
10092| [17473] Apache HTTP Server Satisfy directive allows access to resources
10093| [17413] Apache htpasswd buffer overflow
10094| [17384] Apache HTTP Server environment variable configuration file buffer overflow
10095| [17382] Apache HTTP Server IPv6 apr_util denial of service
10096| [17366] Apache HTTP Server mod_dav module LOCK denial of service
10097| [17273] Apache HTTP Server speculative mode denial of service
10098| [17200] Apache HTTP Server mod_ssl denial of service
10099| [16890] Apache HTTP Server server-info request has been detected
10100| [16889] Apache HTTP Server server-status request has been detected
10101| [16705] Apache mod_ssl format string attack
10102| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10103| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10104| [16230] Apache HTTP Server PHP denial of service
10105| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10106| [15958] Apache HTTP Server authentication modules memory corruption
10107| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10108| [15540] Apache HTTP Server socket starvation denial of service
10109| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10110| [15422] Apache HTTP Server mod_access information disclosure
10111| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10112| [15293] Apache for Cygwin "
10113| [15065] Apache-SSL has a default password
10114| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10115| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10116| [14751] Apache Mod_python output filter information disclosure
10117| [14125] Apache HTTP Server mod_userdir module information disclosure
10118| [14075] Apache HTTP Server mod_php file descriptor leak
10119| [13703] Apache HTTP Server account
10120| [13689] Apache HTTP Server configuration allows symlinks
10121| [13688] Apache HTTP Server configuration allows SSI
10122| [13687] Apache HTTP Server Server: header value
10123| [13685] Apache HTTP Server ServerTokens value
10124| [13684] Apache HTTP Server ServerSignature value
10125| [13672] Apache HTTP Server config allows directory autoindexing
10126| [13671] Apache HTTP Server default content
10127| [13670] Apache HTTP Server config file directive references outside content root
10128| [13668] Apache HTTP Server httpd not running in chroot environment
10129| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10130| [13664] Apache HTTP Server config file contains ScriptAlias entry
10131| [13663] Apache HTTP Server CGI support modules loaded
10132| [13661] Apache HTTP Server config file contains AddHandler entry
10133| [13660] Apache HTTP Server 500 error page not CGI script
10134| [13659] Apache HTTP Server 413 error page not CGI script
10135| [13658] Apache HTTP Server 403 error page not CGI script
10136| [13657] Apache HTTP Server 401 error page not CGI script
10137| [13552] Apache HTTP Server mod_cgid module information disclosure
10138| [13550] Apache GET request directory traversal
10139| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10140| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10141| [13429] Apache Tomcat non-HTTP request denial of service
10142| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10143| [13295] Apache weak password encryption
10144| [13254] Apache Tomcat .jsp cross-site scripting
10145| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10146| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10147| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10148| [12662] Apache HTTP Server rotatelogs denial of service
10149| [12554] Apache Tomcat stores password in plain text
10150| [12553] Apache HTTP Server redirects and subrequests denial of service
10151| [12552] Apache HTTP Server FTP proxy server denial of service
10152| [12551] Apache HTTP Server prefork MPM denial of service
10153| [12550] Apache HTTP Server weaker than expected encryption
10154| [12549] Apache HTTP Server type-map file denial of service
10155| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10156| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10157| [12091] Apache HTTP Server apr_password_validate denial of service
10158| [12090] Apache HTTP Server apr_psprintf code execution
10159| [11804] Apache HTTP Server mod_access_referer denial of service
10160| [11750] Apache HTTP Server could leak sensitive file descriptors
10161| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10162| [11703] Apache long slash path allows directory listing
10163| [11695] Apache HTTP Server LF (Line Feed) denial of service
10164| [11694] Apache HTTP Server filestat.c denial of service
10165| [11438] Apache HTTP Server MIME message boundaries information disclosure
10166| [11412] Apache HTTP Server error log terminal escape sequence injection
10167| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10168| [11195] Apache Tomcat web.xml could be used to read files
10169| [11194] Apache Tomcat URL appended with a null character could list directories
10170| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10171| [11126] Apache HTTP Server illegal character file disclosure
10172| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10173| [11124] Apache HTTP Server DOS device name denial of service
10174| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10175| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10176| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10177| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10178| [10499] Apache HTTP Server WebDAV HTTP POST view source
10179| [10457] Apache HTTP Server mod_ssl "
10180| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10181| [10414] Apache HTTP Server htdigest multiple buffer overflows
10182| [10413] Apache HTTP Server htdigest temporary file race condition
10183| [10412] Apache HTTP Server htpasswd temporary file race condition
10184| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10185| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10186| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10187| [10280] Apache HTTP Server shared memory scorecard overwrite
10188| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10189| [10241] Apache HTTP Server Host: header cross-site scripting
10190| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10191| [10208] Apache HTTP Server mod_dav denial of service
10192| [10206] HP VVOS Apache mod_ssl denial of service
10193| [10200] Apache HTTP Server stderr denial of service
10194| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10195| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10196| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10197| [10098] Slapper worm targets OpenSSL/Apache systems
10198| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10199| [9875] Apache HTTP Server .var file request could disclose installation path
10200| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10201| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10202| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10203| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10204| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10205| [9396] Apache Tomcat null character to threads denial of service
10206| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10207| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10208| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10209| [8932] Apache Tomcat example class information disclosure
10210| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10211| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10212| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10213| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10214| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10215| [8400] Apache HTTP Server mod_frontpage buffer overflows
10216| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10217| [8308] Apache "
10218| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10219| [8119] Apache and PHP OPTIONS request reveals "
10220| [8054] Apache is running on the system
10221| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10222| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10223| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10224| [7836] Apache HTTP Server log directory denial of service
10225| [7815] Apache for Windows "
10226| [7810] Apache HTTP request could result in unexpected behavior
10227| [7599] Apache Tomcat reveals installation path
10228| [7494] Apache "
10229| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10230| [7363] Apache Web Server hidden HTTP requests
10231| [7249] Apache mod_proxy denial of service
10232| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10233| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10234| [7059] Apache "
10235| [7057] Apache "
10236| [7056] Apache "
10237| [7055] Apache "
10238| [7054] Apache "
10239| [6997] Apache Jakarta Tomcat error message may reveal information
10240| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10241| [6970] Apache crafted HTTP request could reveal the internal IP address
10242| [6921] Apache long slash path allows directory listing
10243| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10244| [6527] Apache Web Server for Windows and OS2 denial of service
10245| [6316] Apache Jakarta Tomcat may reveal JSP source code
10246| [6305] Apache Jakarta Tomcat directory traversal
10247| [5926] Linux Apache symbolic link
10248| [5659] Apache Web server discloses files when used with php script
10249| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10250| [5204] Apache WebDAV directory listings
10251| [5197] Apache Web server reveals CGI script source code
10252| [5160] Apache Jakarta Tomcat default installation
10253| [5099] Trustix Secure Linux installs Apache with world writable access
10254| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10255| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10256| [4931] Apache source.asp example file allows users to write to files
10257| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10258| [4205] Apache Jakarta Tomcat delivers file contents
10259| [2084] Apache on Debian by default serves the /usr/doc directory
10260| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10261| [697] Apache HTTP server beck exploit
10262| [331] Apache cookies buffer overflow
10263|
10264| Exploit-DB - https://www.exploit-db.com:
10265| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
10266| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10267| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10268| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
10269| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
10270| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
10271| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
10272| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
10273| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
10274| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10275| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
10276| [29859] Apache Roller OGNL Injection
10277| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
10278| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
10279| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
10280| [29290] Apache / PHP 5.x Remote Code Execution Exploit
10281| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
10282| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
10283| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
10284| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
10285| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
10286| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
10287| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
10288| [27096] Apache Geronimo 1.0 Error Page XSS
10289| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
10290| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
10291| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
10292| [25986] Plesk Apache Zeroday Remote Exploit
10293| [25980] Apache Struts includeParams Remote Code Execution
10294| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
10295| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
10296| [24874] Apache Struts ParametersInterceptor Remote Code Execution
10297| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
10298| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
10299| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
10300| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
10301| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
10302| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
10303| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
10304| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
10305| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
10306| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
10307| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
10308| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
10309| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
10310| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
10311| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
10312| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
10313| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10314| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
10315| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
10316| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10317| [21719] Apache 2.0 Path Disclosure Vulnerability
10318| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10319| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
10320| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10321| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10322| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10323| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10324| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10325| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10326| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10327| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10328| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10329| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10330| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10331| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10332| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10333| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10334| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10335| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10336| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10337| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10338| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10339| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10340| [20558] Apache 1.2 Web Server DoS Vulnerability
10341| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
10342| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
10343| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
10344| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
10345| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
10346| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
10347| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
10348| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
10349| [19231] PHP apache_request_headers Function Buffer Overflow
10350| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
10351| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
10352| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
10353| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
10354| [18442] Apache httpOnly Cookie Disclosure
10355| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
10356| [18221] Apache HTTP Server Denial of Service
10357| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
10358| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
10359| [17691] Apache Struts < 2.2.0 - Remote Command Execution
10360| [16798] Apache mod_jk 1.2.20 Buffer Overflow
10361| [16782] Apache Win32 Chunked Encoding
10362| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
10363| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
10364| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
10365| [15319] Apache 2.2 (Windows) Local Denial of Service
10366| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
10367| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10368| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
10369| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
10370| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
10371| [12330] Apache OFBiz - Multiple XSS
10372| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
10373| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
10374| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
10375| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10376| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
10377| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
10378| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
10379| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10380| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10381| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
10382| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
10383| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10384| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10385| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
10386| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
10387| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
10388| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
10389| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
10390| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
10391| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
10392| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
10393| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
10394| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
10395| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
10396| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
10397| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
10398| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
10399| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
10400| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
10401| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
10402| [466] htpasswd Apache 1.3.31 - Local Exploit
10403| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
10404| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
10405| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
10406| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
10407| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10408| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
10409| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
10410| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
10411| [9] Apache HTTP Server 2.x Memory Leak Exploit
10412|
10413| OpenVAS (Nessus) - http://www.openvas.org:
10414| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
10415| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
10416| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
10417| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
10418| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
10419| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
10420| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
10421| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
10422| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
10423| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
10424| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
10425| [900571] Apache APR-Utils Version Detection
10426| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
10427| [900496] Apache Tiles Multiple XSS Vulnerability
10428| [900493] Apache Tiles Version Detection
10429| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
10430| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
10431| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
10432| [870175] RedHat Update for apache RHSA-2008:0004-01
10433| [864591] Fedora Update for apache-poi FEDORA-2012-10835
10434| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
10435| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
10436| [864250] Fedora Update for apache-poi FEDORA-2012-7683
10437| [864249] Fedora Update for apache-poi FEDORA-2012-7686
10438| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
10439| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
10440| [855821] Solaris Update for Apache 1.3 122912-19
10441| [855812] Solaris Update for Apache 1.3 122911-19
10442| [855737] Solaris Update for Apache 1.3 122911-17
10443| [855731] Solaris Update for Apache 1.3 122912-17
10444| [855695] Solaris Update for Apache 1.3 122911-16
10445| [855645] Solaris Update for Apache 1.3 122912-16
10446| [855587] Solaris Update for kernel update and Apache 108529-29
10447| [855566] Solaris Update for Apache 116973-07
10448| [855531] Solaris Update for Apache 116974-07
10449| [855524] Solaris Update for Apache 2 120544-14
10450| [855494] Solaris Update for Apache 1.3 122911-15
10451| [855478] Solaris Update for Apache Security 114145-11
10452| [855472] Solaris Update for Apache Security 113146-12
10453| [855179] Solaris Update for Apache 1.3 122912-15
10454| [855147] Solaris Update for kernel update and Apache 108528-29
10455| [855077] Solaris Update for Apache 2 120543-14
10456| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
10457| [850088] SuSE Update for apache2 SUSE-SA:2007:061
10458| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
10459| [841209] Ubuntu Update for apache2 USN-1627-1
10460| [840900] Ubuntu Update for apache2 USN-1368-1
10461| [840798] Ubuntu Update for apache2 USN-1259-1
10462| [840734] Ubuntu Update for apache2 USN-1199-1
10463| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
10464| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
10465| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
10466| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
10467| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
10468| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
10469| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
10470| [835253] HP-UX Update for Apache Web Server HPSBUX02645
10471| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
10472| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
10473| [835236] HP-UX Update for Apache with PHP HPSBUX02543
10474| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
10475| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
10476| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
10477| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
10478| [835188] HP-UX Update for Apache HPSBUX02308
10479| [835181] HP-UX Update for Apache With PHP HPSBUX02332
10480| [835180] HP-UX Update for Apache with PHP HPSBUX02342
10481| [835172] HP-UX Update for Apache HPSBUX02365
10482| [835168] HP-UX Update for Apache HPSBUX02313
10483| [835148] HP-UX Update for Apache HPSBUX01064
10484| [835139] HP-UX Update for Apache with PHP HPSBUX01090
10485| [835131] HP-UX Update for Apache HPSBUX00256
10486| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
10487| [835104] HP-UX Update for Apache HPSBUX00224
10488| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
10489| [835101] HP-UX Update for Apache HPSBUX01232
10490| [835080] HP-UX Update for Apache HPSBUX02273
10491| [835078] HP-UX Update for ApacheStrong HPSBUX00255
10492| [835044] HP-UX Update for Apache HPSBUX01019
10493| [835040] HP-UX Update for Apache PHP HPSBUX00207
10494| [835025] HP-UX Update for Apache HPSBUX00197
10495| [835023] HP-UX Update for Apache HPSBUX01022
10496| [835022] HP-UX Update for Apache HPSBUX02292
10497| [835005] HP-UX Update for Apache HPSBUX02262
10498| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
10499| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
10500| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
10501| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
10502| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
10503| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
10504| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
10505| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
10506| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
10507| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
10508| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
10509| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
10510| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
10511| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
10512| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
10513| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
10514| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
10515| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
10516| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
10517| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
10518| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
10519| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
10520| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
10521| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
10522| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
10523| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
10524| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
10525| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
10526| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
10527| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
10528| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
10529| [801942] Apache Archiva Multiple Vulnerabilities
10530| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
10531| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
10532| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
10533| [801284] Apache Derby Information Disclosure Vulnerability
10534| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
10535| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
10536| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
10537| [800680] Apache APR Version Detection
10538| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10539| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10540| [800677] Apache Roller Version Detection
10541| [800279] Apache mod_jk Module Version Detection
10542| [800278] Apache Struts Cross Site Scripting Vulnerability
10543| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
10544| [800276] Apache Struts Version Detection
10545| [800271] Apache Struts Directory Traversal Vulnerability
10546| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
10547| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10548| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10549| [103122] Apache Web Server ETag Header Information Disclosure Weakness
10550| [103074] Apache Continuum Cross Site Scripting Vulnerability
10551| [103073] Apache Continuum Detection
10552| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10553| [101023] Apache Open For Business Weak Password security check
10554| [101020] Apache Open For Business HTML injection vulnerability
10555| [101019] Apache Open For Business service detection
10556| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
10557| [100923] Apache Archiva Detection
10558| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10559| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10560| [100813] Apache Axis2 Detection
10561| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10562| [100795] Apache Derby Detection
10563| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
10564| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10565| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10566| [100514] Apache Multiple Security Vulnerabilities
10567| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10568| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10569| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10570| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10571| [72626] Debian Security Advisory DSA 2579-1 (apache2)
10572| [72612] FreeBSD Ports: apache22
10573| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
10574| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
10575| [71512] FreeBSD Ports: apache
10576| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
10577| [71256] Debian Security Advisory DSA 2452-1 (apache2)
10578| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
10579| [70737] FreeBSD Ports: apache
10580| [70724] Debian Security Advisory DSA 2405-1 (apache2)
10581| [70600] FreeBSD Ports: apache
10582| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
10583| [70235] Debian Security Advisory DSA 2298-2 (apache2)
10584| [70233] Debian Security Advisory DSA 2298-1 (apache2)
10585| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
10586| [69338] Debian Security Advisory DSA 2202-1 (apache2)
10587| [67868] FreeBSD Ports: apache
10588| [66816] FreeBSD Ports: apache
10589| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
10590| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
10591| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
10592| [66081] SLES11: Security update for Apache 2
10593| [66074] SLES10: Security update for Apache 2
10594| [66070] SLES9: Security update for Apache 2
10595| [65998] SLES10: Security update for apache2-mod_python
10596| [65893] SLES10: Security update for Apache 2
10597| [65888] SLES10: Security update for Apache 2
10598| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
10599| [65510] SLES9: Security update for Apache 2
10600| [65472] SLES9: Security update for Apache
10601| [65467] SLES9: Security update for Apache
10602| [65450] SLES9: Security update for apache2
10603| [65390] SLES9: Security update for Apache2
10604| [65363] SLES9: Security update for Apache2
10605| [65309] SLES9: Security update for Apache and mod_ssl
10606| [65296] SLES9: Security update for webdav apache module
10607| [65283] SLES9: Security update for Apache2
10608| [65249] SLES9: Security update for Apache 2
10609| [65230] SLES9: Security update for Apache 2
10610| [65228] SLES9: Security update for Apache 2
10611| [65212] SLES9: Security update for apache2-mod_python
10612| [65209] SLES9: Security update for apache2-worker
10613| [65207] SLES9: Security update for Apache 2
10614| [65168] SLES9: Security update for apache2-mod_python
10615| [65142] SLES9: Security update for Apache2
10616| [65136] SLES9: Security update for Apache 2
10617| [65132] SLES9: Security update for apache
10618| [65131] SLES9: Security update for Apache 2 oes/CORE
10619| [65113] SLES9: Security update for apache2
10620| [65072] SLES9: Security update for apache and mod_ssl
10621| [65017] SLES9: Security update for Apache 2
10622| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
10623| [64783] FreeBSD Ports: apache
10624| [64774] Ubuntu USN-802-2 (apache2)
10625| [64653] Ubuntu USN-813-2 (apache2)
10626| [64559] Debian Security Advisory DSA 1834-2 (apache2)
10627| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
10628| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
10629| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
10630| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
10631| [64443] Ubuntu USN-802-1 (apache2)
10632| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
10633| [64423] Debian Security Advisory DSA 1834-1 (apache2)
10634| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
10635| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
10636| [64251] Debian Security Advisory DSA 1816-1 (apache2)
10637| [64201] Ubuntu USN-787-1 (apache2)
10638| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
10639| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
10640| [63565] FreeBSD Ports: apache
10641| [63562] Ubuntu USN-731-1 (apache2)
10642| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
10643| [61185] FreeBSD Ports: apache
10644| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
10645| [60387] Slackware Advisory SSA:2008-045-02 apache
10646| [58826] FreeBSD Ports: apache-tomcat
10647| [58825] FreeBSD Ports: apache-tomcat
10648| [58804] FreeBSD Ports: apache
10649| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
10650| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
10651| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
10652| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
10653| [57335] Debian Security Advisory DSA 1167-1 (apache)
10654| [57201] Debian Security Advisory DSA 1131-1 (apache)
10655| [57200] Debian Security Advisory DSA 1132-1 (apache2)
10656| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
10657| [57145] FreeBSD Ports: apache
10658| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
10659| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
10660| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
10661| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
10662| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
10663| [56067] FreeBSD Ports: apache
10664| [55803] Slackware Advisory SSA:2005-310-04 apache
10665| [55519] Debian Security Advisory DSA 839-1 (apachetop)
10666| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
10667| [55355] FreeBSD Ports: apache
10668| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
10669| [55261] Debian Security Advisory DSA 805-1 (apache2)
10670| [55259] Debian Security Advisory DSA 803-1 (apache)
10671| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
10672| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
10673| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
10674| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
10675| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
10676| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
10677| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
10678| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
10679| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
10680| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
10681| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
10682| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
10683| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
10684| [54439] FreeBSD Ports: apache
10685| [53931] Slackware Advisory SSA:2004-133-01 apache
10686| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
10687| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
10688| [53878] Slackware Advisory SSA:2003-308-01 apache security update
10689| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
10690| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
10691| [53848] Debian Security Advisory DSA 131-1 (apache)
10692| [53784] Debian Security Advisory DSA 021-1 (apache)
10693| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
10694| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
10695| [53735] Debian Security Advisory DSA 187-1 (apache)
10696| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
10697| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
10698| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
10699| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
10700| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
10701| [53282] Debian Security Advisory DSA 594-1 (apache)
10702| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
10703| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
10704| [53215] Debian Security Advisory DSA 525-1 (apache)
10705| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
10706| [52529] FreeBSD Ports: apache+ssl
10707| [52501] FreeBSD Ports: apache
10708| [52461] FreeBSD Ports: apache
10709| [52390] FreeBSD Ports: apache
10710| [52389] FreeBSD Ports: apache
10711| [52388] FreeBSD Ports: apache
10712| [52383] FreeBSD Ports: apache
10713| [52339] FreeBSD Ports: apache+mod_ssl
10714| [52331] FreeBSD Ports: apache
10715| [52329] FreeBSD Ports: ru-apache+mod_ssl
10716| [52314] FreeBSD Ports: apache
10717| [52310] FreeBSD Ports: apache
10718| [15588] Detect Apache HTTPS
10719| [15555] Apache mod_proxy content-length buffer overflow
10720| [15554] Apache mod_include priviledge escalation
10721| [14771] Apache <= 1.3.33 htpasswd local overflow
10722| [14177] Apache mod_access rule bypass
10723| [13644] Apache mod_rootme Backdoor
10724| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
10725| [12280] Apache Connection Blocking Denial of Service
10726| [12239] Apache Error Log Escape Sequence Injection
10727| [12123] Apache Tomcat source.jsp malformed request information disclosure
10728| [12085] Apache Tomcat servlet/JSP container default files
10729| [11438] Apache Tomcat Directory Listing and File disclosure
10730| [11204] Apache Tomcat Default Accounts
10731| [11092] Apache 2.0.39 Win32 directory traversal
10732| [11046] Apache Tomcat TroubleShooter Servlet Installed
10733| [11042] Apache Tomcat DOS Device Name XSS
10734| [11041] Apache Tomcat /servlet Cross Site Scripting
10735| [10938] Apache Remote Command Execution via .bat files
10736| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
10737| [10773] MacOS X Finder reveals contents of Apache Web files
10738| [10766] Apache UserDir Sensitive Information Disclosure
10739| [10756] MacOS X Finder reveals contents of Apache Web directories
10740| [10752] Apache Auth Module SQL Insertion Attack
10741| [10704] Apache Directory Listing
10742| [10678] Apache /server-info accessible
10743| [10677] Apache /server-status accessible
10744| [10440] Check for Apache Multiple / vulnerability
10745|
10746| SecurityTracker - https://www.securitytracker.com:
10747| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
10748| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
10749| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
10750| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
10751| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
10752| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
10753| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
10754| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
10755| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
10756| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
10757| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
10758| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
10759| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
10760| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
10761| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
10762| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
10763| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
10764| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
10765| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
10766| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
10767| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
10768| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
10769| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
10770| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
10771| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
10772| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
10773| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
10774| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
10775| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
10776| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
10777| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
10778| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
10779| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
10780| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
10781| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
10782| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
10783| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
10784| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
10785| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
10786| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
10787| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
10788| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
10789| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
10790| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
10791| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
10792| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
10793| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
10794| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
10795| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
10796| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
10797| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
10798| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
10799| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
10800| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
10801| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
10802| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
10803| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
10804| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
10805| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
10806| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
10807| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
10808| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
10809| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
10810| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
10811| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
10812| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
10813| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
10814| [1024096] Apache mod_proxy_http May Return Results for a Different Request
10815| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
10816| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
10817| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
10818| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
10819| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
10820| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
10821| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
10822| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
10823| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
10824| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
10825| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
10826| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
10827| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
10828| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
10829| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
10830| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
10831| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
10832| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
10833| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
10834| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
10835| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
10836| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
10837| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
10838| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
10839| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
10840| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
10841| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
10842| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
10843| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
10844| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
10845| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
10846| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
10847| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
10848| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
10849| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
10850| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
10851| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
10852| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
10853| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
10854| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
10855| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
10856| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
10857| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
10858| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
10859| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
10860| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
10861| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
10862| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
10863| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
10864| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
10865| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
10866| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
10867| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
10868| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
10869| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
10870| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
10871| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
10872| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
10873| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
10874| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
10875| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
10876| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
10877| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
10878| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
10879| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
10880| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
10881| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
10882| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
10883| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
10884| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
10885| [1008920] Apache mod_digest May Validate Replayed Client Responses
10886| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
10887| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
10888| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
10889| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
10890| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
10891| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
10892| [1008030] Apache mod_rewrite Contains a Buffer Overflow
10893| [1008029] Apache mod_alias Contains a Buffer Overflow
10894| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
10895| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
10896| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
10897| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
10898| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
10899| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
10900| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
10901| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
10902| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
10903| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
10904| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
10905| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
10906| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
10907| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
10908| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
10909| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
10910| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
10911| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
10912| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
10913| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
10914| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
10915| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
10916| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
10917| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
10918| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
10919| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
10920| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
10921| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
10922| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
10923| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
10924| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
10925| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
10926| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
10927| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
10928| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
10929| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
10930| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
10931| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
10932| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
10933| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
10934| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
10935| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
10936| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
10937| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
10938| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
10939| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
10940| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
10941| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
10942| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
10943| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
10944| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
10945| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
10946| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
10947| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
10948| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
10949| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
10950|
10951| OSVDB - http://www.osvdb.org:
10952| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
10953| [96077] Apache CloudStack Global Settings Multiple Field XSS
10954| [96076] Apache CloudStack Instances Menu Display Name Field XSS
10955| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
10956| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
10957| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
10958| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
10959| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
10960| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
10961| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
10962| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
10963| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
10964| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
10965| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
10966| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
10967| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
10968| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
10969| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
10970| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
10971| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
10972| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
10973| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
10974| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
10975| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
10976| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
10977| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
10978| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
10979| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
10980| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
10981| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
10982| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
10983| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
10984| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
10985| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
10986| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
10987| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
10988| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
10989| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
10990| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
10991| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
10992| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
10993| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
10994| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
10995| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
10996| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
10997| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
10998| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
10999| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11000| [94279] Apache Qpid CA Certificate Validation Bypass
11001| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11002| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11003| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11004| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11005| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11006| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11007| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11008| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11009| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11010| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11011| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11012| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11013| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11014| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11015| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11016| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11017| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11018| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11019| [93541] Apache Solr json.wrf Callback XSS
11020| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11021| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11022| [93520] Apache CloudStack Default SSL Key Weakness
11023| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11024| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11025| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11026| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11027| [93515] Apache HBase table.jsp name Parameter XSS
11028| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11029| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11030| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11031| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11032| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11033| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11034| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11035| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11036| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11037| [93252] Apache Tomcat FORM Authenticator Session Fixation
11038| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11039| [93171] Apache Sling HtmlResponse Error Message XSS
11040| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11041| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11042| [93168] Apache Click ErrorReport.java id Parameter XSS
11043| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11044| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11045| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11046| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11047| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11048| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11049| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11050| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11051| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11052| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11053| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11054| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11055| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11056| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11057| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11058| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11059| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11060| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11061| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11062| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11063| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11064| [93144] Apache Solr Admin Command Execution CSRF
11065| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11066| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11067| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11068| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11069| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11070| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11071| [92748] Apache CloudStack VM Console Access Restriction Bypass
11072| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11073| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11074| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11075| [92706] Apache ActiveMQ Debug Log Rendering XSS
11076| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11077| [92270] Apache Tomcat Unspecified CSRF
11078| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11079| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11080| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11081| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11082| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11083| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11084| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11085| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11086| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11087| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11088| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11089| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11090| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11091| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11092| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11093| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11094| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11095| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11096| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11097| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11098| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11099| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11100| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11101| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11102| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11103| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11104| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11105| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11106| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11107| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11108| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11109| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11110| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11111| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11112| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11113| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11114| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11115| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11116| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11117| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11118| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11119| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11120| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11121| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11122| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11123| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11124| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11125| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
11126| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11127| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
11128| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11129| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11130| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11131| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11132| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11133| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11134| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11135| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11136| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11137| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11138| [86901] Apache Tomcat Error Message Path Disclosure
11139| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11140| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11141| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11142| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11143| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11144| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11145| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11146| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11147| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11148| [85430] Apache mod_pagespeed Module Unspecified XSS
11149| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11150| [85249] Apache Wicket Unspecified XSS
11151| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11152| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11153| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11154| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11155| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11156| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11157| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11158| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11159| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11160| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11161| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11162| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11163| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11164| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11165| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11166| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11167| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
11168| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
11169| [83339] Apache Roller Blogger Roll Unspecified XSS
11170| [83270] Apache Roller Unspecified Admin Action CSRF
11171| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
11172| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
11173| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
11174| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
11175| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
11176| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
11177| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
11178| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
11179| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
11180| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
11181| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11182| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11183| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11184| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11185| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11186| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11187| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11188| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
11189| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
11190| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
11191| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
11192| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
11193| [80300] Apache Wicket wicket:pageMapName Parameter XSS
11194| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
11195| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
11196| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
11197| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
11198| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
11199| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
11200| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
11617| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
11618| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
11619| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
11620| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
11621| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
11622| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
11623| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
11624| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
11625| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
11626| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
11627| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
11628| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
11629| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
11630| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
11631| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
11632| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
11633| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
11634| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
11635| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
11636| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
11637| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
11638| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
11639| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
11640| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
11641| [36080] Apache Tomcat JSP Examples Crafted URI XSS
11642| [36079] Apache Tomcat Manager Uploaded Filename XSS
11643| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
11644| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
11645| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
11646| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
11647| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
11648| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
11649| [34881] Apache Tomcat Malformed Accept-Language Header XSS
11650| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
11651| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
11652| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
11653| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
11654| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
11655| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
11656| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
11657| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
11658| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
11659| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
11660| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
11661| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
11662| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
11663| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
11664| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
11665| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
11666| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
11667| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
11668| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
11669| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
11670| [32724] Apache mod_python _filter_read Freed Memory Disclosure
11671| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
11672| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
11673| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
11674| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
11675| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
11676| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
11677| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
11678| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
11679| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
11680| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
11681| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
11682| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
11683| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
11684| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
11685| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
11686| [24365] Apache Struts Multiple Function Error Message XSS
11687| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
11688| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
11689| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
11690| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
11691| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
11692| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
11693| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
11694| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
11695| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
11696| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
11697| [22459] Apache Geronimo Error Page XSS
11698| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
11699| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
11700| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
11701| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
11702| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
11703| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
11704| [21021] Apache Struts Error Message XSS
11705| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
11706| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
11707| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
11708| [20439] Apache Tomcat Directory Listing Saturation DoS
11709| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
11710| [20285] Apache HTTP Server Log File Control Character Injection
11711| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
11712| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
11713| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
11714| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
11715| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
11716| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
11717| [19821] Apache Tomcat Malformed Post Request Information Disclosure
11718| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
11719| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
11720| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
11721| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
11722| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
11723| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
11724| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
11725| [18233] Apache HTTP Server htdigest user Variable Overfow
11726| [17738] Apache HTTP Server HTTP Request Smuggling
11727| [16586] Apache HTTP Server Win32 GET Overflow DoS
11728| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
11729| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
11730| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
11731| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
11732| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
11733| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
11734| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
11735| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
11736| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
11737| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
11738| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
11739| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
11740| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
11741| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
11742| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
11743| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
11744| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
11745| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
11746| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
11747| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
11748| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
11749| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
11750| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
11751| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
11752| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
11753| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
11754| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
11755| [13304] Apache Tomcat realPath.jsp Path Disclosure
11756| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
11757| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
11758| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
11759| [12848] Apache HTTP Server htdigest realm Variable Overflow
11760| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
11761| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
11762| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
11763| [12557] Apache HTTP Server prefork MPM accept Error DoS
11764| [12233] Apache Tomcat MS-DOS Device Name Request DoS
11765| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
11766| [12231] Apache Tomcat web.xml Arbitrary File Access
11767| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
11768| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
11769| [12178] Apache Jakarta Lucene results.jsp XSS
11770| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
11771| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
11772| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
11773| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
11774| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
11775| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
11776| [10471] Apache Xerces-C++ XML Parser DoS
11777| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
11778| [10068] Apache HTTP Server htpasswd Local Overflow
11779| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
11780| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
11781| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
11782| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
11783| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
11784| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
11785| [9717] Apache HTTP Server mod_cookies Cookie Overflow
11786| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
11787| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
11788| [9714] Apache Authentication Module Threaded MPM DoS
11789| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
11790| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
11791| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
11792| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
11793| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
11794| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
11795| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
11796| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
11797| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
11798| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
11799| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
11800| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
11801| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
11802| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
11803| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
11804| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
11805| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
11806| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
11807| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
11808| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
11809| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
11810| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
11811| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
11812| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
11813| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
11814| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
11815| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
11816| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
11817| [9208] Apache Tomcat .jsp Encoded Newline XSS
11818| [9204] Apache Tomcat ROOT Application XSS
11819| [9203] Apache Tomcat examples Application XSS
11820| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
11821| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
11822| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
11823| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
11824| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
11825| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
11826| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
11827| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
11828| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
11829| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
11830| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
11831| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
11832| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
11833| [7611] Apache HTTP Server mod_alias Local Overflow
11834| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
11835| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
11836| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
11837| [6882] Apache mod_python Malformed Query String Variant DoS
11838| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
11839| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
11840| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
11841| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
11842| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
11843| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
11844| [5526] Apache Tomcat Long .JSP URI Path Disclosure
11845| [5278] Apache Tomcat web.xml Restriction Bypass
11846| [5051] Apache Tomcat Null Character DoS
11847| [4973] Apache Tomcat servlet Mapping XSS
11848| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
11849| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
11850| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
11851| [4568] mod_survey For Apache ENV Tags SQL Injection
11852| [4553] Apache HTTP Server ApacheBench Overflow DoS
11853| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
11854| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
11855| [4383] Apache HTTP Server Socket Race Condition DoS
11856| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
11857| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
11858| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
11859| [4231] Apache Cocoon Error Page Server Path Disclosure
11860| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
11861| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
11862| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
11863| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
11864| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
11865| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
11866| [3322] mod_php for Apache HTTP Server Process Hijack
11867| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
11868| [2885] Apache mod_python Malformed Query String DoS
11869| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
11870| [2733] Apache HTTP Server mod_rewrite Local Overflow
11871| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
11872| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
11873| [2149] Apache::Gallery Privilege Escalation
11874| [2107] Apache HTTP Server mod_ssl Host: Header XSS
11875| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
11876| [1833] Apache HTTP Server Multiple Slash GET Request DoS
11877| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
11878| [872] Apache Tomcat Multiple Default Accounts
11879| [862] Apache HTTP Server SSI Error Page XSS
11880| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
11881| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
11882| [845] Apache Tomcat MSDOS Device XSS
11883| [844] Apache Tomcat Java Servlet Error Page XSS
11884| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
11885| [838] Apache HTTP Server Chunked Encoding Remote Overflow
11886| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
11887| [775] Apache mod_python Module Importing Privilege Function Execution
11888| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
11889| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
11890| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
11891| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
11892| [637] Apache HTTP Server UserDir Directive Username Enumeration
11893| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
11894| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
11895| [562] Apache HTTP Server mod_info /server-info Information Disclosure
11896| [561] Apache Web Servers mod_status /server-status Information Disclosure
11897| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
11898| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
11899| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
11900| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
11901| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
11902| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
11903| [376] Apache Tomcat contextAdmin Arbitrary File Access
11904| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
11905| [222] Apache HTTP Server test-cgi Arbitrary File Access
11906| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
11907| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
11908|_
110/tcp open pop3 Dovecot pop3d
11910| vulscan: VulDB - https://vuldb.com:
11911| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
11912| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
11913| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
11914| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
11915| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
11916| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
11917| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
11918| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
11919| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
11920| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
11921| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
11922| [69835] Dovecot 2.2.0/2.2.1 denial of service
11923| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
11924| [65684] Dovecot up to 2.2.6 unknown vulnerability
11925| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
11926| [63692] Dovecot up to 2.0.15 spoofing
11927| [7062] Dovecot 2.1.10 mail-search.c denial of service
11928| [57517] Dovecot up to 2.0.12 Login directory traversal
11929| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
11930| [57515] Dovecot up to 2.0.12 Crash denial of service
11931| [54944] Dovecot up to 1.2.14 denial of service
11932| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
11933| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
11934| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
11935| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
11936| [53277] Dovecot up to 1.2.10 denial of service
11937| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
11938| [45256] Dovecot up to 1.1.5 directory traversal
11939| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
11940| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11941| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11942| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
11943| [40356] Dovecot 1.0.9 Cache unknown vulnerability
11944| [38222] Dovecot 1.0.2 directory traversal
11945| [36376] Dovecot up to 1.0.x directory traversal
11946| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
11947|
11948| MITRE CVE - https://cve.mitre.org:
11949| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
11950| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
11951| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
11952| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
11953| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
11954| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
11955| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
11956| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
11957| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
11958| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
11959| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
11960| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
11961| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
11962| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
11963| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
11964| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
11965| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
11966| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
11967| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
11968| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
11969| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
11970| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
11971| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
11972| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
11973| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
11974| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
11975| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
11976| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
11977| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
11978| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
11979| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
11980| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
11981| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
11982| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
11983| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
11984| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
11985| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
11986|
11987| SecurityFocus - https://www.securityfocus.com/bid/:
11988| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
11989| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
11990| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
11991| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
11992| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
11993| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
11994| [67306] Dovecot Denial of Service Vulnerability
11995| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
11996| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
11997| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
11998| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
11999| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
12000| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
12001| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
12002| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
12003| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
12004| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
12005| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
12006| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
12007| [39838] tpop3d Remote Denial of Service Vulnerability
12008| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
12009| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
12010| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
12011| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
12012| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
12013| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
12014| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
12015| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
12016| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
12017| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
12018| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
12019| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
12020| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
12021| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
12022| [17961] Dovecot Remote Information Disclosure Vulnerability
12023| [16672] Dovecot Double Free Denial of Service Vulnerability
12024| [8495] akpop3d User Name SQL Injection Vulnerability
12025| [8473] Vpop3d Remote Denial Of Service Vulnerability
12026| [3990] ZPop3D Bad Login Logging Failure Vulnerability
12027| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
12028|
12029| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12030| [86382] Dovecot POP3 Service denial of service
12031| [84396] Dovecot IMAP APPEND denial of service
12032| [80453] Dovecot mail-search.c denial of service
12033| [71354] Dovecot SSL Common Name (CN) weak security
12034| [67675] Dovecot script-login security bypass
12035| [67674] Dovecot script-login directory traversal
12036| [67589] Dovecot header name denial of service
12037| [63267] Apple Mac OS X Dovecot information disclosure
12038| [62340] Dovecot mailbox security bypass
12039| [62339] Dovecot IMAP or POP3 denial of service
12040| [62256] Dovecot mailbox security bypass
12041| [62255] Dovecot ACL entry security bypass
12042| [60639] Dovecot ACL plugin weak security
12043| [57267] Apple Mac OS X Dovecot Kerberos security bypass
12044| [56763] Dovecot header denial of service
12045| [54363] Dovecot base_dir privilege escalation
12046| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
12047| [46323] Dovecot dovecot.conf information disclosure
12048| [46227] Dovecot message parsing denial of service
12049| [45669] Dovecot ACL mailbox security bypass
12050| [45667] Dovecot ACL plugin rights security bypass
12051| [41085] Dovecot TAB characters authentication bypass
12052| [41009] Dovecot mail_extra_groups option unauthorized access
12053| [39342] Dovecot LDAP auth cache configuration security bypass
12054| [35767] Dovecot ACL plugin security bypass
12055| [34082] Dovecot mbox-storage.c directory traversal
12056| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
12057| [26578] Cyrus IMAP pop3d buffer overflow
12058| [26536] Dovecot IMAP LIST information disclosure
12059| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
12060| [24709] Dovecot APPEND command denial of service
12061| [13018] akpop3d authentication code SQL injection
12062| [7345] Slackware Linux imapd and ipop3d core dump
12063| [6269] imap, ipop2d and ipop3d buffer overflows
12064| [5923] Linuxconf vpop3d symbolic link
12065| [4918] IPOP3D, Buffer overflow attack
12066| [1560] IPOP3D, user login successful
12067| [1559] IPOP3D user login to remote host successful
12068| [1525] IPOP3D, user logout
12069| [1524] IPOP3D, user auto-logout
12070| [1523] IPOP3D, user login failure
12071| [1522] IPOP3D, brute force attack
12072| [1521] IPOP3D, user kiss of death logout
12073| [418] pop3d mktemp creates insecure temporary files
12074|
12075| Exploit-DB - https://www.exploit-db.com:
12076| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
12077| [23053] Vpop3d Remote Denial of Service Vulnerability
12078| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
12079| [11893] tPop3d 1.5.3 DoS
12080| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
12081| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
12082| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
12083| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
12084|
12085| OpenVAS (Nessus) - http://www.openvas.org:
12086| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
12087| [901025] Dovecot Version Detection
12088| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
12089| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
12090| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
12091| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
12092| [870607] RedHat Update for dovecot RHSA-2011:0600-01
12093| [870471] RedHat Update for dovecot RHSA-2011:1187-01
12094| [870153] RedHat Update for dovecot RHSA-2008:0297-02
12095| [863272] Fedora Update for dovecot FEDORA-2011-7612
12096| [863115] Fedora Update for dovecot FEDORA-2011-7258
12097| [861525] Fedora Update for dovecot FEDORA-2007-664
12098| [861394] Fedora Update for dovecot FEDORA-2007-493
12099| [861333] Fedora Update for dovecot FEDORA-2007-1485
12100| [860845] Fedora Update for dovecot FEDORA-2008-9202
12101| [860663] Fedora Update for dovecot FEDORA-2008-2475
12102| [860169] Fedora Update for dovecot FEDORA-2008-2464
12103| [860089] Fedora Update for dovecot FEDORA-2008-9232
12104| [840950] Ubuntu Update for dovecot USN-1295-1
12105| [840668] Ubuntu Update for dovecot USN-1143-1
12106| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
12107| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
12108| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
12109| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
12110| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
12111| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
12112| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
12113| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
12114| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
12115| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
12116| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
12117| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
12118| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
12119| [70259] FreeBSD Ports: dovecot
12120| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
12121| [66522] FreeBSD Ports: dovecot
12122| [65010] Ubuntu USN-838-1 (dovecot)
12123| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
12124| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
12125| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
12126| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
12127| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
12128| [62854] FreeBSD Ports: dovecot-managesieve
12129| [61916] FreeBSD Ports: dovecot
12130| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
12131| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
12132| [60528] FreeBSD Ports: dovecot
12133| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
12134| [60089] FreeBSD Ports: dovecot
12135| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
12136| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
12137|
12138| SecurityTracker - https://www.securitytracker.com:
12139| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
12140| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
12141| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
12142|
12143| OSVDB - http://www.osvdb.org:
12144| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
12145| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
12146| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
12147| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
12148| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
12149| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
12150| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
12151| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
12152| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
12153| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
12154| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
12155| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
12156| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
12157| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
12158| [66113] Dovecot Mail Root Directory Creation Permission Weakness
12159| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
12160| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
12161| [66110] Dovecot Multiple Unspecified Buffer Overflows
12162| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
12163| [64783] Dovecot E-mail Message Header Unspecified DoS
12164| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
12165| [62796] Dovecot mbox Format Email Header Handling DoS
12166| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
12167| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
12168| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
12169| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
12170| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
12171| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
12172| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
12173| [43137] Dovecot mail_extra_groups Symlink File Manipulation
12174| [42979] Dovecot passdbs Argument Injection Authentication Bypass
12175| [39876] Dovecot LDAP Auth Cache Security Bypass
12176| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
12177| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
12178| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
12179| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
12180| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
12181| [23281] Dovecot imap/pop3-login dovecot-auth DoS
12182| [23280] Dovecot Malformed APPEND Command DoS
12183| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
12184| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
12185| [5857] Linux pop3d Arbitrary Mail File Access
12186| [2471] akpop3d username SQL Injection
12187|_
12188 111/tcp open rpcbind 2-4 (RPC #100000)
12189| rpcinfo:
12190| program version port/proto service
12191| 100000 2,3,4 111/tcp rpcbind
12192| 100000 2,3,4 111/udp rpcbind
12193| 100000 3,4 111/tcp6 rpcbind
12194|_ 100000 3,4 111/udp6 rpcbind
12195 143/tcp open imap Dovecot imapd
12196| vulscan: VulDB - https://vuldb.com:
12197| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
12198| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
12199| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
12200| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
12201| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
12202| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
12203| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
12204| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
12205| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
12206| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
12207| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
12208| [69835] Dovecot 2.2.0/2.2.1 denial of service
12209| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
12210| [65684] Dovecot up to 2.2.6 unknown vulnerability
12211| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
12212| [63692] Dovecot up to 2.0.15 spoofing
12213| [7062] Dovecot 2.1.10 mail-search.c denial of service
12214| [59792] Cyrus IMAPd 2.4.11 weak authentication
12215| [57517] Dovecot up to 2.0.12 Login directory traversal
12216| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
12217| [57515] Dovecot up to 2.0.12 Crash denial of service
12218| [54944] Dovecot up to 1.2.14 denial of service
12219| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
12220| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
12221| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
12222| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
12223| [53277] Dovecot up to 1.2.10 denial of service
12224| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
12225| [45256] Dovecot up to 1.1.5 directory traversal
12226| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
12227| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
12228| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
12229| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
12230| [40356] Dovecot 1.0.9 Cache unknown vulnerability
12231| [38222] Dovecot 1.0.2 directory traversal
12232| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
12233| [36376] Dovecot up to 1.0.x directory traversal
12234| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
12235| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
12236|
12237| MITRE CVE - https://cve.mitre.org:
12238| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
12239| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
12240| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
12241| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
12242| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
12243| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
12244| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
12245| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
12246| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
12247| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
12248| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
12249| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
12250| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
12251| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
12252| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
12253| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
12254| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
12255| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
12256| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
12257| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
12258| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
12259| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
12260| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
12261| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
12262| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
12263| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
12264| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
12265| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
12266| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
12267| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
12268| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
12269| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
12270| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
12271| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
12272| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
12273| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
12274| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
12275| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
12276| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
12277| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
12278| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
12279| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
12280| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
12281| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
12282| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
12283| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
12284| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
12285| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
12286| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
12287| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
12288| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
12289| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
12290| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
12291| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
12292| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
12293| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
12294| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
12295| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
12296| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
12297|
12298| SecurityFocus - https://www.securityfocus.com/bid/:
12299| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
12300| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
12301| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
12302| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
12303| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
12304| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
12305| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
12306| [67306] Dovecot Denial of Service Vulnerability
12307| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
12308| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
12309| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
12310| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
12311| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
12312| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
12313| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
12314| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
12315| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
12316| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
12317| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
12318| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
12319| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
12320| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
12321| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
12322| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
12323| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
12324| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
12325| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
12326| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
12327| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
12328| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
12329| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
12330| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
12331| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
12332| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
12333| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
12334| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
12335| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
12336| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
12337| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
12338| [17961] Dovecot Remote Information Disclosure Vulnerability
12339| [16672] Dovecot Double Free Denial of Service Vulnerability
12340| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
12341| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
12342| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
12343| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
12344| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
12345| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
12346| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
12347| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
12348| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
12349| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
12350| [130] imapd Buffer Overflow Vulnerability
12351|
12352| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12353| [86382] Dovecot POP3 Service denial of service
12354| [84396] Dovecot IMAP APPEND denial of service
12355| [80453] Dovecot mail-search.c denial of service
12356| [71354] Dovecot SSL Common Name (CN) weak security
12357| [70325] Cyrus IMAPd NNTP security bypass
12358| [67675] Dovecot script-login security bypass
12359| [67674] Dovecot script-login directory traversal
12360| [67589] Dovecot header name denial of service
12361| [63267] Apple Mac OS X Dovecot information disclosure
12362| [62340] Dovecot mailbox security bypass
12363| [62339] Dovecot IMAP or POP3 denial of service
12364| [62256] Dovecot mailbox security bypass
12365| [62255] Dovecot ACL entry security bypass
12366| [60639] Dovecot ACL plugin weak security
12367| [57267] Apple Mac OS X Dovecot Kerberos security bypass
12368| [56763] Dovecot header denial of service
12369| [54363] Dovecot base_dir privilege escalation
12370| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
12371| [47526] UW-imapd rfc822_output_char() denial of service
12372| [46323] Dovecot dovecot.conf information disclosure
12373| [46227] Dovecot message parsing denial of service
12374| [45669] Dovecot ACL mailbox security bypass
12375| [45667] Dovecot ACL plugin rights security bypass
12376| [41085] Dovecot TAB characters authentication bypass
12377| [41009] Dovecot mail_extra_groups option unauthorized access
12378| [39342] Dovecot LDAP auth cache configuration security bypass
12379| [35767] Dovecot ACL plugin security bypass
12380| [34082] Dovecot mbox-storage.c directory traversal
12381| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
12382| [26536] Dovecot IMAP LIST information disclosure
12383| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
12384| [24709] Dovecot APPEND command denial of service
12385| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
12386| [19460] Cyrus IMAP imapd buffer overflow
12387| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
12388| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
12389| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
12390| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
12391| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
12392| [7345] Slackware Linux imapd and ipop3d core dump
12393| [573] Imapd denial of service
12394|
12395| Exploit-DB - https://www.exploit-db.com:
12396| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
12397| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
12398| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
12399| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
12400| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
12401| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
12402| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
12403| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
12404| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
12405| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
12406| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
12407| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
12408| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
12409| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
12410| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
12411| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
12412| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
12413| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
12414| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
12415| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
12416| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
12417| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
12418| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
12419| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
12420| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
12421| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
12422| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
12423| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
12424| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
12425| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
12426| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
12427| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
12428| [340] Linux imapd Remote Overflow File Retrieve Exploit
12429|
12430| OpenVAS (Nessus) - http://www.openvas.org:
12431| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
12432| [901025] Dovecot Version Detection
12433| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
12434| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
12435| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
12436| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
12437| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
12438| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
12439| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
12440| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
12441| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
12442| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
12443| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
12444| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
12445| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
12446| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
12447| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
12448| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
12449| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
12450| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
12451| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
12452| [870607] RedHat Update for dovecot RHSA-2011:0600-01
12453| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
12454| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
12455| [870471] RedHat Update for dovecot RHSA-2011:1187-01
12456| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
12457| [870153] RedHat Update for dovecot RHSA-2008:0297-02
12458| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
12459| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
12460| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
12461| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
12462| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
12463| [863272] Fedora Update for dovecot FEDORA-2011-7612
12464| [863115] Fedora Update for dovecot FEDORA-2011-7258
12465| [861525] Fedora Update for dovecot FEDORA-2007-664
12466| [861394] Fedora Update for dovecot FEDORA-2007-493
12467| [861333] Fedora Update for dovecot FEDORA-2007-1485
12468| [860845] Fedora Update for dovecot FEDORA-2008-9202
12469| [860663] Fedora Update for dovecot FEDORA-2008-2475
12470| [860169] Fedora Update for dovecot FEDORA-2008-2464
12471| [860089] Fedora Update for dovecot FEDORA-2008-9232
12472| [840950] Ubuntu Update for dovecot USN-1295-1
12473| [840668] Ubuntu Update for dovecot USN-1143-1
12474| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
12475| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
12476| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
12477| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
12478| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
12479| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
12480| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
12481| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
12482| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
12483| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
12484| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
12485| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
12486| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
12487| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
12488| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
12489| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
12490| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
12491| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
12492| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
12493| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
12494| [70259] FreeBSD Ports: dovecot
12495| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
12496| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
12497| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
12498| [66522] FreeBSD Ports: dovecot
12499| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
12500| [66233] SLES10: Security update for Cyrus IMAPD
12501| [66226] SLES11: Security update for Cyrus IMAPD
12502| [66222] SLES9: Security update for Cyrus IMAPD
12503| [65938] SLES10: Security update for Cyrus IMAPD
12504| [65723] SLES11: Security update for Cyrus IMAPD
12505| [65523] SLES9: Security update for Cyrus IMAPD
12506| [65479] SLES9: Security update for cyrus-imapd
12507| [65094] SLES9: Security update for cyrus-imapd
12508| [65010] Ubuntu USN-838-1 (dovecot)
12509| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
12510| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
12511| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
12512| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
12513| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
12514| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
12515| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
12516| [64898] FreeBSD Ports: cyrus-imapd
12517| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
12518| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
12519| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
12520| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
12521| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
12522| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
12523| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
12524| [62854] FreeBSD Ports: dovecot-managesieve
12525| [61916] FreeBSD Ports: dovecot
12526| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
12527| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
12528| [60528] FreeBSD Ports: dovecot
12529| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
12530| [60089] FreeBSD Ports: dovecot
12531| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
12532| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
12533| [55807] Slackware Advisory SSA:2005-310-06 imapd
12534| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
12535| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
12536| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
12537| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
12538| [52297] FreeBSD Ports: cyrus-imapd
12539| [52296] FreeBSD Ports: cyrus-imapd
12540| [52295] FreeBSD Ports: cyrus-imapd
12541| [52294] FreeBSD Ports: cyrus-imapd
12542| [52172] FreeBSD Ports: cyrus-imapd
12543|
12544| SecurityTracker - https://www.securitytracker.com:
12545| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
12546| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
12547| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
12548| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
12549|
12550| OSVDB - http://www.osvdb.org:
12551| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
12552| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
12553| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
12554| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
12555| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
12556| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
12557| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
12558| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
12559| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
12560| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
12561| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
12562| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
12563| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
12564| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
12565| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
12566| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
12567| [66113] Dovecot Mail Root Directory Creation Permission Weakness
12568| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
12569| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
12570| [66110] Dovecot Multiple Unspecified Buffer Overflows
12571| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
12572| [64783] Dovecot E-mail Message Header Unspecified DoS
12573| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
12574| [62796] Dovecot mbox Format Email Header Handling DoS
12575| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
12576| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
12577| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
12578| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
12579| [52906] UW-imapd c-client Initial Request Remote Format String
12580| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
12581| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
12582| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
12583| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
12584| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
12585| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
12586| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
12587| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
12588| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
12589| [43137] Dovecot mail_extra_groups Symlink File Manipulation
12590| [42979] Dovecot passdbs Argument Injection Authentication Bypass
12591| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
12592| [39876] Dovecot LDAP Auth Cache Security Bypass
12593| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
12594| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
12595| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
12596| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
12597| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
12598| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
12599| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
12600| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
12601| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
12602| [23281] Dovecot imap/pop3-login dovecot-auth DoS
12603| [23280] Dovecot Malformed APPEND Command DoS
12604| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
12605| [13242] UW-imapd CRAM-MD5 Authentication Bypass
12606| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
12607| [12042] UoW imapd Multiple Unspecified Overflows
12608| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
12609| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
12610| [911] UoW imapd AUTHENTICATE Command Remote Overflow
12611| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
12612| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
12613|_
443/tcp open ssl/http Apache httpd
12615|_http-server-header: Apache
12616| vulscan: VulDB - https://vuldb.com:
12617| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
12618| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
12619| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
12620| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
12621| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
12622| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
12623| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
12624| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
12625| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
12626| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
12627| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
12628| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
12629| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
12630| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
12631| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
13031| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
13032| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
13033| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
13034| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
13035| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
13036| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
13037| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
13038| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
13039| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
13040| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
13041| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
13042| [108782] Apache Xerces2 XML Service denial of service
13043| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
13044| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
13045| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
13046| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
13047| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
13048| [108629] Apache OFBiz up to 10.04.01 privilege escalation
13049| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
13050| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
13051| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
13052| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
13053| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
13054| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
13055| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
13056| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
13057| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
13058| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
13059| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
13060| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
13061| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
13062| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
13063| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
13064| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
13065| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
13066| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
13067| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
13068| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
13069| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
13070| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
13071| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
13072| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
13073| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
13074| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
13075| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
13076| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
13077| [107639] Apache NiFi 1.4.0 XML External Entity
13078| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
13079| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
13080| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
13081| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
13082| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
13083| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
13084| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
13085| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
13086| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
13087| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
13088| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
13089| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13090| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13091| [107197] Apache Xerces Jelly Parser XML File XML External Entity
13092| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
13093| [107084] Apache Struts up to 2.3.19 cross site scripting
13094| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
13095| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
13096| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
13097| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
13098| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
13099| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
13100| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
13101| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
13102| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
13103| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
13104| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
13105| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
13106| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13107| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13108| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
13109| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
13110| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
13111| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
13112| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
13113| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
13114| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
13115| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
13116| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
13117| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
13118| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
13119| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
13120| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
13121| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
13122| [105878] Apache Struts up to 2.3.24.0 privilege escalation
13123| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
13124| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
13125| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
13126| [105643] Apache Pony Mail up to 0.8b weak authentication
13127| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
13128| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
13129| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
13130| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
13131| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
13132| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
13133| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
13134| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
13135| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
13136| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
13137| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
13138| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
13139| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
13140| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
13141| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
13142| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
13143| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
13144| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
13145| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
13146| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
13147| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
13148| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
13149| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
13150| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
13151| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
13152| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
13153| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
13154| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
13155| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
13156| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
13157| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
13158| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
13159| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
13160| [103690] Apache OpenMeetings 1.0.0 sql injection
13161| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
13162| [103688] Apache OpenMeetings 1.0.0 weak encryption
13163| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
13164| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
13165| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
13166| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
13167| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
13168| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
13169| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
13170| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
13171| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
13172| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
13173| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
13174| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
13175| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
13176| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
13177| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
13178| [103352] Apache Solr Node weak authentication
13179| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
13180| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
13181| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
13182| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
13183| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
13184| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
13185| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
13186| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
13187| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
13188| [102536] Apache Ranger up to 0.6 Stored cross site scripting
13189| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
13190| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
13191| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
13192| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
13193| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
13194| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
13195| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
13196| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
13197| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
13198| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
13199| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
13200| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
13201| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
13202| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
13203| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
13204| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
13205| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
13206| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
13207| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
13208| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
13209| [99937] Apache Batik up to 1.8 privilege escalation
13210| [99936] Apache FOP up to 2.1 privilege escalation
13211| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
13212| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
13213| [99930] Apache Traffic Server up to 6.2.0 denial of service
13214| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
13215| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
13216| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
13217| [117569] Apache Hadoop up to 2.7.3 privilege escalation
13218| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
13219| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
13220| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
13221| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
13222| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
13223| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
13224| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
13225| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
13226| [99014] Apache Camel Jackson/JacksonXML privilege escalation
13227| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13228| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
13229| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13230| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
13231| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
13232| [98605] Apple macOS up to 10.12.3 Apache denial of service
13233| [98604] Apple macOS up to 10.12.3 Apache denial of service
13234| [98603] Apple macOS up to 10.12.3 Apache denial of service
13235| [98602] Apple macOS up to 10.12.3 Apache denial of service
13236| [98601] Apple macOS up to 10.12.3 Apache denial of service
13237| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
13238| [98405] Apache Hadoop up to 0.23.10 privilege escalation
13239| [98199] Apache Camel Validation XML External Entity
13240| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
13241| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
13242| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
13243| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
13244| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
13245| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
13246| [97081] Apache Tomcat HTTPS Request denial of service
13247| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
13248| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
13249| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
13250| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
13251| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
13252| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
13253| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
13254| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
13255| [95311] Apache Storm UI Daemon privilege escalation
13256| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
13257| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
13258| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
13259| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
13260| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
13261| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
13262| [94540] Apache Tika 1.9 tika-server File information disclosure
13263| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
13264| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
13265| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
13266| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
13267| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
13268| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
13269| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13270| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13271| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
13272| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
13273| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
13274| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
13275| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
13276| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
13277| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13278| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13279| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
13280| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
13281| [93532] Apache Commons Collections Library Java privilege escalation
13282| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
13283| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
13284| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
13285| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
13286| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
13287| [93098] Apache Commons FileUpload privilege escalation
13288| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
13289| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
13290| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
13291| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
13292| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
13293| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
13294| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
13295| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
13296| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
13297| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
13298| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
13299| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
13300| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
13301| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
13302| [92549] Apache Tomcat on Red Hat privilege escalation
13303| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
13304| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
13305| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
13306| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
13307| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
13308| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
13309| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
13310| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
13311| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
13312| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
13313| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
13314| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
13315| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
13316| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
13317| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
13318| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
13319| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
13320| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
13321| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
13322| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
13323| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
13324| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
13325| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
13326| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
13327| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
13328| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
13329| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
13330| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
13331| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
13332| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
13333| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
13334| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
13335| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
13336| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
13337| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
13338| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
13339| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
13340| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
13341| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
13342| [90263] Apache Archiva Header denial of service
13343| [90262] Apache Archiva Deserialize privilege escalation
13344| [90261] Apache Archiva XML DTD Connection privilege escalation
13345| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
13346| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
13347| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
13348| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
13349| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13350| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13351| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
13352| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
13353| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
13354| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
13355| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
13356| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
13357| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
13358| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
13359| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
13360| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
13361| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
13362| [87765] Apache James Server 2.3.2 Command privilege escalation
13363| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
13364| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
13365| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
13366| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
13367| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
13368| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
13369| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
13370| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
13371| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
13372| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13373| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13374| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
13375| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
13376| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
13377| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13378| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13379| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
13380| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
13381| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
13382| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
13383| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
13384| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
13385| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
13386| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
13387| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
13388| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
13389| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
13390| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
13391| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
13392| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
13393| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
13394| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
13395| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
13396| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
13397| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
13398| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
13399| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
13400| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
13401| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
13402| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
13403| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
13404| [82076] Apache Ranger up to 0.5.1 privilege escalation
13405| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
13406| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
13407| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
13408| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
13409| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
13410| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
13411| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
13412| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
13413| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
13414| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
13415| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
13416| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
13417| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13418| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13419| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
13420| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
13421| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
13422| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
13423| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
13424| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
13425| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
13426| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
13427| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
13428| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
13429| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
13430| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
13431| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
13432| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
13433| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
13434| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
13435| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
13436| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
13437| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
13438| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
13439| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
13440| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
13441| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
13442| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
13443| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
13444| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
13445| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
13446| [79791] Cisco Products Apache Commons Collections Library privilege escalation
13447| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13448| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13449| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
13450| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
13451| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
13452| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
13453| [78989] Apache Ambari up to 2.1.1 Open Redirect
13454| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
13455| [78987] Apache Ambari up to 2.0.x cross site scripting
13456| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
13457| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13458| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13459| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13460| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13461| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13462| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13463| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13464| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
13465| [77406] Apache Flex BlazeDS AMF Message XML External Entity
13466| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
13467| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
13468| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
13469| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
13470| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
13471| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
13472| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
13473| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
13474| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13475| [76567] Apache Struts 2.3.20 unknown vulnerability
13476| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13477| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13478| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13479| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13480| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13481| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13482| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13483| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13484| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13485| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13486| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13487| [74793] Apache Tomcat File Upload denial of service
13488| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13489| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13490| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13491| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13492| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13493| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13494| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13495| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13496| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13497| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13498| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13499| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13500| [74468] Apache Batik up to 1.6 denial of service
13501| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13502| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13503| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13504| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13505| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13506| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13507| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13508| [73731] Apache XML Security unknown vulnerability
13509| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13510| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13511| [73593] Apache Traffic Server up to 5.1.0 denial of service
13512| [73511] Apache POI up to 3.10 Deadlock denial of service
13513| [73510] Apache Solr up to 4.3.0 cross site scripting
13514| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13515| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13516| [73173] Apache CloudStack Stack-Based unknown vulnerability
13517| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13518| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13519| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13520| [72890] Apache Qpid 0.30 unknown vulnerability
13521| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13522| [72878] Apache Cordova 3.5.0 cross site request forgery
13523| [72877] Apache Cordova 3.5.0 cross site request forgery
13524| [72876] Apache Cordova 3.5.0 cross site request forgery
13525| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13526| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13527| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13528| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13529| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13530| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13531| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13532| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13533| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13534| [71629] Apache Axis2/C spoofing
13535| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13536| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13537| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13538| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13539| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13540| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13541| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13542| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13543| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13544| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13545| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13546| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
13547| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
13548| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
13549| [70809] Apache POI up to 3.11 Crash denial of service
13550| [70808] Apache POI up to 3.10 unknown vulnerability
13551| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
13552| [70749] Apache Axis up to 1.4 getCN spoofing
13553| [70701] Apache Traffic Server up to 3.3.5 denial of service
13554| [70700] Apache OFBiz up to 12.04.03 cross site scripting
13555| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
13556| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
13557| [70661] Apache Subversion up to 1.6.17 denial of service
13558| [70660] Apache Subversion up to 1.6.17 spoofing
13559| [70659] Apache Subversion up to 1.6.17 spoofing
13560| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
13561| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
13562| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
13563| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
13564| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
13565| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
13566| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
13567| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
13568| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
13569| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
13570| [69846] Apache HBase up to 0.94.8 information disclosure
13571| [69783] Apache CouchDB up to 1.2.0 memory corruption
13572| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
13573| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
13574| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
13575| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
13576| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
13577| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
13578| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
13579| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
13580| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
13581| [69431] Apache Archiva up to 1.3.6 cross site scripting
13582| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
13583| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
13584| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
13585| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
13586| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
13587| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
13588| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
13589| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
13590| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
13591| [66739] Apache Camel up to 2.12.2 unknown vulnerability
13592| [66738] Apache Camel up to 2.12.2 unknown vulnerability
13593| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
13594| [66695] Apache CouchDB up to 1.2.0 cross site scripting
13595| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
13596| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
13597| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
13598| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
13599| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
13600| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
13601| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
13602| [66356] Apache Wicket up to 6.8.0 information disclosure
13603| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
13604| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
13605| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13606| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
13607| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
13608| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13609| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13610| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
13611| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
13612| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
13613| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
13614| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
13615| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
13616| [65668] Apache Solr 4.0.0 Updater denial of service
13617| [65665] Apache Solr up to 4.3.0 denial of service
13618| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
13619| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
13620| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
13621| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
13622| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
13623| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
13624| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
13625| [65410] Apache Struts 2.3.15.3 cross site scripting
13626| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
13627| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
13628| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
13629| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
13630| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
13631| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
13632| [65340] Apache Shindig 2.5.0 information disclosure
13633| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
13634| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
13635| [10826] Apache Struts 2 File privilege escalation
13636| [65204] Apache Camel up to 2.10.1 unknown vulnerability
13637| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
13638| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
13639| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
13640| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
13641| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
13642| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
13643| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
13644| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
13645| [64722] Apache XML Security for C++ Heap-based memory corruption
13646| [64719] Apache XML Security for C++ Heap-based memory corruption
13647| [64718] Apache XML Security for C++ verify denial of service
13648| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
13649| [64716] Apache XML Security for C++ spoofing
13650| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
13651| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
13652| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
13653| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
13654| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
13655| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
13656| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
13657| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
13658| [64485] Apache Struts up to 2.2.3.0 privilege escalation
13659| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
13660| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
13661| [64467] Apache Geronimo 3.0 memory corruption
13662| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
13663| [64457] Apache Struts up to 2.2.3.0 cross site scripting
13664| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
13665| [9184] Apache Qpid up to 0.20 SSL misconfiguration
13666| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
13667| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
13668| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
13669| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
13670| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
13671| [8873] Apache Struts 2.3.14 privilege escalation
13672| [8872] Apache Struts 2.3.14 privilege escalation
13673| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
13674| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
13675| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
13676| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
13677| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
13678| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13679| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13680| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
13681| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
13682| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
13683| [64006] Apache ActiveMQ up to 5.7.0 denial of service
13684| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
13685| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
13686| [8427] Apache Tomcat Session Transaction weak authentication
13687| [63960] Apache Maven 3.0.4 Default Configuration spoofing
13688| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
13689| [63750] Apache qpid up to 0.20 checkAvailable denial of service
13690| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
13691| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
13692| [63747] Apache Rave up to 0.20 User Account information disclosure
13693| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
13694| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
13695| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
13696| [7687] Apache CXF up to 2.7.2 Token weak authentication
13697| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13698| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13699| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
13700| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
13701| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
13702| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
13703| [63090] Apache Tomcat up to 4.1.24 denial of service
13704| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
13705| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
13706| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
13707| [62833] Apache CXF -/2.6.0 spoofing
13708| [62832] Apache Axis2 up to 1.6.2 spoofing
13709| [62831] Apache Axis up to 1.4 Java Message Service spoofing
13710| [62830] Apache Commons-httpclient 3.0 Payments spoofing
13711| [62826] Apache Libcloud up to 0.11.0 spoofing
13712| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
13713| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
13714| [62661] Apache Axis2 unknown vulnerability
13715| [62658] Apache Axis2 unknown vulnerability
13716| [62467] Apache Qpid up to 0.17 denial of service
13717| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
13718| [6301] Apache HTTP Server mod_pagespeed cross site scripting
13719| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
13720| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
13721| [62035] Apache Struts up to 2.3.4 denial of service
13722| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
13723| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
13724| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
13725| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
13726| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
13727| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
13728| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
13729| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
13730| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
13731| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
13732| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
13733| [61229] Apache Sling up to 2.1.1 denial of service
13734| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
13735| [61094] Apache Roller up to 5.0 cross site scripting
13736| [61093] Apache Roller up to 5.0 cross site request forgery
13737| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
13738| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
13739| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
13740| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
13741| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
13742| [60708] Apache Qpid 0.12 unknown vulnerability
13743| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
13744| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
13745| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
13746| [4882] Apache Wicket up to 1.5.4 directory traversal
13747| [4881] Apache Wicket up to 1.4.19 cross site scripting
13748| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
13749| [60352] Apache Struts up to 2.2.3 memory corruption
13750| [60153] Apache Portable Runtime up to 1.4.3 denial of service
13751| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
13752| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
13753| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
13754| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
13755| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
13756| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
13757| [4571] Apache Struts up to 2.3.1.2 privilege escalation
13758| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
13759| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
13760| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
13761| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
13762| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
13763| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
13764| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13765| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
13766| [59888] Apache Tomcat up to 6.0.6 denial of service
13767| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
13768| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
13769| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
13770| [59850] Apache Geronimo up to 2.2.1 denial of service
13771| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
13772| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
13773| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13774| [58413] Apache Tomcat up to 6.0.10 spoofing
13775| [58381] Apache Wicket up to 1.4.17 cross site scripting
13776| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
13777| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
13778| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
13779| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
13780| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13781| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
13782| [57568] Apache Archiva up to 1.3.4 cross site scripting
13783| [57567] Apache Archiva up to 1.3.4 cross site request forgery
13784| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
13785| [4355] Apache HTTP Server APR apr_fnmatch denial of service
13786| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
13787| [57425] Apache Struts up to 2.2.1.1 cross site scripting
13788| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
13789| [57025] Apache Tomcat up to 7.0.11 information disclosure
13790| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
13791| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
13792| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13793| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
13794| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
13795| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
13796| [56512] Apache Continuum up to 1.4.0 cross site scripting
13797| [4285] Apache Tomcat 5.x JVM getLocale denial of service
13798| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
13799| [4283] Apache Tomcat 5.x ServletContect privilege escalation
13800| [56441] Apache Tomcat up to 7.0.6 denial of service
13801| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
13802| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
13803| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
13804| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
13805| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
13806| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
13807| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
13808| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
13809| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
13810| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
13811| [54693] Apache Traffic Server DNS Cache unknown vulnerability
13812| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
13813| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
13814| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
13815| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
13816| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
13817| [54012] Apache Tomcat up to 6.0.10 denial of service
13818| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
13819| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
13820| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
13821| [52894] Apache Tomcat up to 6.0.7 information disclosure
13822| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
13823| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
13824| [52786] Apache Open For Business Project up to 09.04 cross site scripting
13825| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
13826| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
13827| [52584] Apache CouchDB up to 0.10.1 information disclosure
13828| [51757] Apache HTTP Server 2.0.44 cross site scripting
13829| [51756] Apache HTTP Server 2.0.44 spoofing
13830| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
13831| [51690] Apache Tomcat up to 6.0 directory traversal
13832| [51689] Apache Tomcat up to 6.0 information disclosure
13833| [51688] Apache Tomcat up to 6.0 directory traversal
13834| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
13835| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
13836| [50626] Apache Solr 1.0.0 cross site scripting
13837| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
13838| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
13839| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
13840| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
13841| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
13842| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
13843| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
13844| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
13845| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13846| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13847| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13848| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13849| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13850| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13851| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13852| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13853| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13854| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13855| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13856| [47214] Apachefriends xampp 1.6.8 spoofing
13857| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13858| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13859| [47065] Apache Tomcat 4.1.23 cross site scripting
13860| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13861| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13862| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13863| [86625] Apache Struts directory traversal
13864| [44461] Apache Tomcat up to 5.5.0 information disclosure
13865| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13866| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13867| [43663] Apache Tomcat up to 6.0.16 directory traversal
13868| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13869| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13870| [43516] Apache Tomcat up to 4.1.20 directory traversal
13871| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13872| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13873| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13874| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13875| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13876| [40924] Apache Tomcat up to 6.0.15 information disclosure
13877| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13878| [40922] Apache Tomcat up to 6.0 information disclosure
13879| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13880| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13881| [40656] Apache Tomcat 5.5.20 information disclosure
13882| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13883| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13884| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13885| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13886| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13887| [40234] Apache Tomcat up to 6.0.15 directory traversal
13888| [40221] Apache HTTP Server 2.2.6 information disclosure
13889| [40027] David Castro Apache Authcas 0.4 sql injection
13890| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13891| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13892| [3414] Apache Tomcat WebDAV Stored privilege escalation
13893| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13894| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13895| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13896| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13897| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13898| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13899| [38524] Apache Geronimo 2.0 unknown vulnerability
13900| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13901| [38331] Apache Tomcat 4.1.24 information disclosure
13902| [38330] Apache Tomcat 4.1.24 information disclosure
13903| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13904| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13905| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13906| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13907| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13908| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13909| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13910| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13911| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13912| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13913| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13914| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13915| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13916| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13917| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13918| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13919| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13920| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13921| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13922| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13923| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13924| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13925| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13926| [34252] Apache HTTP Server denial of service
13927| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13928| [33877] Apache Opentaps 0.9.3 cross site scripting
13929| [33876] Apache Open For Business Project unknown vulnerability
13930| [33875] Apache Open For Business Project cross site scripting
13931| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
13932| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13933|
13934| MITRE CVE - https://cve.mitre.org:
13935| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13936| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13937| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13938| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13939| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13940| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13941| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13942| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13943| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13944| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13945| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13946| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13947| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13948| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13949| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13950| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13951| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13952| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13953| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
13954| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
13955| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
13956| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13957| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13958| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13959| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13960| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13961| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13962| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13963| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13964| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13965| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13966| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13967| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13968| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13969| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13970| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13971| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13972| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13973| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13974| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13975| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13976| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13977| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13978| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13979| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13980| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13981| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13982| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13983| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13984| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13985| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13986| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13987| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13988| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
14104| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
14105| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
14106| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
14107| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
14108| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
14109| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
14110| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
14111| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
14112| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
14113| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
14114| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14115| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
14116| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
14117| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
14118| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
14119| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
14120| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
14121| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
14122| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
14123| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
14124| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
14125| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
14126| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
14127| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
14128| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
14129| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
14130| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
14131| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
14132| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
14133| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
14134| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
14135| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
14136| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
14137| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
14138| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
14139| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
14140| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
14141| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
14142| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
14143| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
14144| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
14145| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
14146| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
14147| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
14148| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
14149| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
14150| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
14151| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
14152| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
14153| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
14154| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
14155| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14156| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
14157| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
14158| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
14159| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
14160| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
14161| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
14162| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
14163| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
14164| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
14165| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
14166| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
14167| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
14168| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
14169| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
14170| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
14171| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
14172| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
14173| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
14174| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
14175| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
14176| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
14177| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
14178| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
14179| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
14180| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
14181| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14286| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14287| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14288| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14289| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14290| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14291| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14292| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14293| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14294| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14295| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14296| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14297| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14298| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14299| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14300| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14301| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14302| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14303| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14304| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14305| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14306| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14307| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14308| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14309| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14310| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14311| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
14312| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14313| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14314| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14315| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14316| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14317| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14318| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14319| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14320| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14321| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14322| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14323| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14324| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14325| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14326| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14327| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14328| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14329| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14330| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14331| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14332| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14333| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14334| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14335| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14336| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14337| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14338| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14339| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14340| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14341| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14342| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14343| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14344| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14345| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14346| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14347| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14348| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14349| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14350| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14351| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14352| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14353| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14354| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14355| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14356| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
14357| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14358| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14359| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14360| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14361| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14362| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14363| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14364| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14365| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14366| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14367| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14368| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14369| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14370| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14371| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14372| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14373| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14374| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14375| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14376| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14377| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14378| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14379| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14380| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14381| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14382| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14383| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14384| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14385| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14386| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14387| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14388| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14389| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14390| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14391| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14392| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14393| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14394| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14395| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14396| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14397| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14398| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14399| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14400| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14401| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14402| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14403| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
14404| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
14405| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
14406| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
14407| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
14408| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
14409| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
14410| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
14411| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
14412| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
14413| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
14414| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
14415| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
14416| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
14417| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
14418| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
14419| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
14420| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
14421| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
14422| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14423| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14424| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
14425| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
14426| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
14427| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
14428| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
14429| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
14430| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
14431| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
14432| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
14433| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
14434| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
14435| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
14436| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
14437| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
14438| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
14439| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
14440| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
14441| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
14442| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
14443| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
14444| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
14445| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
14446| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
14447| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
14448| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
14449| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
14450| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
14451| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
14452| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
14453| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
14454| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
14455| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
14456| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
14457| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
14458| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
14459| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
14460| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
14461| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
14462| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
14463| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14464| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14465| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14466| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14467| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14468| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14469| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14470| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
14471| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
14472| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
14473| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
14474| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
14475| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
14476| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
14477| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
14478| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
14479| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
14480| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
14481| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
14482| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
14483| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
14484| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
14485| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
14486| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
14487| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
14488| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14489| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
14490| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
14491| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
14492| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
14493| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
14494| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
14495| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
14496| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14497| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14498| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14499| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14500| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14501| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14502| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14503| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14504| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14505| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14506| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14507| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14508| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14509| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14510| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14511| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14512| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14513| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
14514| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14515| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14516| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14517| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14518| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14519| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
14520| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14521| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14522| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14523| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14524| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14525| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
14526| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14527| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14528| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14529| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14530| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14531| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14532| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14533| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14534| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14535| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14536| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14537| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14538| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14539| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14540| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14541| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14542| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14543| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14544|
14545| SecurityFocus - https://www.securityfocus.com/bid/:
14546| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14547| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14548| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14549| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14550| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14551| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14552| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14553| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14554| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14555| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14556| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14557| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14558| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14559| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14560| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14561| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14562| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14563| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14564| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14565| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14566| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14567| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14568| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14569| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14570| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14571| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14572| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14573| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14574| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14575| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14576| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14577| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14578| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14579| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14580| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14581| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14582| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14583| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14584| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14585| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14586| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14587| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14588| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14589| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14590| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14591| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14592| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14593| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14594| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14595| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14596| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14597| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14598| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14599| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14600| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14601| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14602| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14603| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14604| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14605| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14606| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14607| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14608| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14609| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14610| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14611| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14612| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14613| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14614| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14615| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14616| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14617| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14618| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14619| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14620| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14621| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14622| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14623| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14624| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14625| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14626| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14627| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
14628| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
14629| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
14630| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14631| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14632| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14633| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14634| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14635| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14636| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14637| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14638| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14639| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14640| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14641| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14642| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14643| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14644| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14645| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14646| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14647| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14648| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14649| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14650| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14651| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14652| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14653| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14654| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14655| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14656| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14657| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14658| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14659| [100447] Apache2Triad Multiple Security Vulnerabilities
14660| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14661| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14662| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14663| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14664| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14665| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14666| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14667| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14668| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14669| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14670| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14671| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14672| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14673| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14674| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14675| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14676| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14677| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14678| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14679| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14680| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14681| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14682| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14683| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14684| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14685| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14686| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14687| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14688| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14689| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14690| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14691| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14692| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14693| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14694| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14695| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14696| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14697| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14698| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14699| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14700| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14701| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14702| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14703| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14704| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14705| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14706| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14707| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14708| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14709| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14710| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14711| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14712| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14713| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14714| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14715| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14716| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14717| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14718| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14719| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14720| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14721| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14722| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14723| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14724| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14725| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14726| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14727| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14728| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14729| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14730| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14731| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14732| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14733| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14734| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14735| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14736| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14737| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14738| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14739| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14740| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14741| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14742| [95675] Apache Struts Remote Code Execution Vulnerability
14743| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14744| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14745| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14746| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14747| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14748| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14749| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14750| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
14751| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
14752| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
14753| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
14754| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
14755| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
14756| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
14757| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
14758| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
14759| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
14760| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
14761| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
14762| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
14763| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
14764| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
14765| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
15192| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
15604| [81167] Apache CloudStack DeployVM information disclosure
15605| [81166] Apache CloudStack AddHost API information disclosure
15606| [81165] Apache CloudStack createSSHKeyPair API information disclosure
15607| [80518] Apache Tomcat cross-site request forgery security bypass
15608| [80517] Apache Tomcat FormAuthenticator security bypass
15609| [80516] Apache Tomcat NIO denial of service
15610| [80408] Apache Tomcat replay-countermeasure security bypass
15611| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
15612| [80317] Apache Tomcat slowloris denial of service
15613| [79984] Apache Commons HttpClient SSL spoofing
15614| [79983] Apache CXF SSL spoofing
15615| [79830] Apache Axis2/Java SSL spoofing
15616| [79829] Apache Axis SSL spoofing
15617| [79809] Apache Tomcat DIGEST security bypass
15618| [79806] Apache Tomcat parseHeaders() denial of service
15619| [79540] Apache OFBiz unspecified
15620| [79487] Apache Axis2 SAML security bypass
15621| [79212] Apache Cloudstack code execution
15622| [78734] Apache CXF SOAP Action security bypass
15623| [78730] Apache Qpid broker denial of service
15624| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
15625| [78563] Apache mod_pagespeed module unspecified cross-site scripting
15626| [78562] Apache mod_pagespeed module security bypass
15627| [78454] Apache Axis2 security bypass
15628| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
15629| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
15630| [78321] Apache Wicket unspecified cross-site scripting
15631| [78183] Apache Struts parameters denial of service
15632| [78182] Apache Struts cross-site request forgery
15633| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
15634| [77987] mod_rpaf module for Apache denial of service
15635| [77958] Apache Struts skill name code execution
15636| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
15637| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
15638| [77568] Apache Qpid broker security bypass
15639| [77421] Apache Libcloud spoofing
15640| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
15641| [77046] Oracle Solaris Apache HTTP Server information disclosure
15642| [76837] Apache Hadoop information disclosure
15643| [76802] Apache Sling CopyFrom denial of service
15644| [76692] Apache Hadoop symlink
15645| [76535] Apache Roller console cross-site request forgery
15646| [76534] Apache Roller weblog cross-site scripting
15647| [76152] Apache CXF elements security bypass
15648| [76151] Apache CXF child policies security bypass
15649| [75983] MapServer for Windows Apache file include
15650| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
15651| [75558] Apache POI denial of service
15652| [75545] PHP apache_request_headers() buffer overflow
15653| [75302] Apache Qpid SASL security bypass
15654| [75211] Debian GNU/Linux apache 2 cross-site scripting
15655| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
15656| [74871] Apache OFBiz FlexibleStringExpander code execution
15657| [74870] Apache OFBiz multiple cross-site scripting
15658| [74750] Apache Hadoop unspecified spoofing
15659| [74319] Apache Struts XSLTResult.java file upload
15660| [74313] Apache Traffic Server header buffer overflow
15661| [74276] Apache Wicket directory traversal
15662| [74273] Apache Wicket unspecified cross-site scripting
15663| [74181] Apache HTTP Server mod_fcgid module denial of service
15664| [73690] Apache Struts OGNL code execution
15665| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
15666| [73100] Apache MyFaces in directory traversal
15667| [73096] Apache APR hash denial of service
15668| [73052] Apache Struts name cross-site scripting
15669| [73030] Apache CXF UsernameToken security bypass
15670| [72888] Apache Struts lastName cross-site scripting
15671| [72758] Apache HTTP Server httpOnly information disclosure
15672| [72757] Apache HTTP Server MPM denial of service
15673| [72585] Apache Struts ParameterInterceptor security bypass
15674| [72438] Apache Tomcat Digest security bypass
15675| [72437] Apache Tomcat Digest security bypass
15676| [72436] Apache Tomcat DIGEST security bypass
15677| [72425] Apache Tomcat parameter denial of service
15678| [72422] Apache Tomcat request object information disclosure
15679| [72377] Apache HTTP Server scoreboard security bypass
15680| [72345] Apache HTTP Server HTTP request denial of service
15681| [72229] Apache Struts ExceptionDelegator command execution
15682| [72089] Apache Struts ParameterInterceptor directory traversal
15683| [72088] Apache Struts CookieInterceptor command execution
15684| [72047] Apache Geronimo hash denial of service
15685| [72016] Apache Tomcat hash denial of service
15686| [71711] Apache Struts OGNL expression code execution
15687| [71654] Apache Struts interfaces security bypass
15688| [71620] Apache ActiveMQ failover denial of service
15689| [71617] Apache HTTP Server mod_proxy module information disclosure
15690| [71508] Apache MyFaces EL security bypass
15691| [71445] Apache HTTP Server mod_proxy security bypass
15692| [71203] Apache Tomcat servlets privilege escalation
15693| [71181] Apache HTTP Server ap_pregsub() denial of service
15694| [71093] Apache HTTP Server ap_pregsub() buffer overflow
15695| [70336] Apache HTTP Server mod_proxy information disclosure
15696| [69804] Apache HTTP Server mod_proxy_ajp denial of service
15697| [69472] Apache Tomcat AJP security bypass
15698| [69396] Apache HTTP Server ByteRange filter denial of service
15699| [69394] Apache Wicket multi window support cross-site scripting
15700| [69176] Apache Tomcat XML information disclosure
15701| [69161] Apache Tomcat jsvc information disclosure
15702| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15703| [68541] Apache Tomcat sendfile information disclosure
15704| [68420] Apache XML Security denial of service
15705| [68238] Apache Tomcat JMX information disclosure
15706| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
15707| [67804] Apache Subversion control rules information disclosure
15708| [67803] Apache Subversion control rules denial of service
15709| [67802] Apache Subversion baselined denial of service
15710| [67672] Apache Archiva multiple cross-site scripting
15711| [67671] Apache Archiva multiple cross-site request forgery
15712| [67564] Apache APR apr_fnmatch() denial of service
15713| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
15714| [67515] Apache Tomcat annotations security bypass
15715| [67480] Apache Struts s:submit information disclosure
15716| [67414] Apache APR apr_fnmatch() denial of service
15717| [67356] Apache Struts javatemplates cross-site scripting
15718| [67354] Apache Struts Xwork cross-site scripting
15719| [66676] Apache Tomcat HTTP BIO information disclosure
15720| [66675] Apache Tomcat web.xml security bypass
15721| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
15722| [66241] Apache HttpComponents information disclosure
15723| [66154] Apache Tomcat ServletSecurity security bypass
15724| [65971] Apache Tomcat ServletSecurity security bypass
15725| [65876] Apache Subversion mod_dav_svn denial of service
15726| [65343] Apache Continuum unspecified cross-site scripting
15727| [65162] Apache Tomcat NIO connector denial of service
15728| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15729| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15730| [65159] Apache Tomcat ServletContect security bypass
15731| [65050] Apache CouchDB web-based administration UI cross-site scripting
15732| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15733| [64473] Apache Subversion blame -g denial of service
15734| [64472] Apache Subversion walk() denial of service
15735| [64407] Apache Axis2 CVE-2010-0219 code execution
15736| [63926] Apache Archiva password privilege escalation
15737| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15738| [63493] Apache Archiva credentials cross-site request forgery
15739| [63477] Apache Tomcat HttpOnly session hijacking
15740| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15741| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15742| [62959] Apache Shiro filters security bypass
15743| [62790] Apache Perl cgi module denial of service
15744| [62576] Apache Qpid exchange denial of service
15745| [62575] Apache Qpid AMQP denial of service
15746| [62354] Apache Qpid SSL denial of service
15747| [62235] Apache APR-util apr_brigade_split_line() denial of service
15748| [62181] Apache XML-RPC SAX Parser information disclosure
15749| [61721] Apache Traffic Server cache poisoning
15750| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15751| [61186] Apache CouchDB Futon cross-site request forgery
15752| [61169] Apache CXF DTD denial of service
15753| [61070] Apache Jackrabbit search.jsp SQL injection
15754| [61006] Apache SLMS Quoting cross-site request forgery
15755| [60962] Apache Tomcat time cross-site scripting
15756| [60883] Apache mod_proxy_http information disclosure
15757| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15758| [60264] Apache Tomcat Transfer-Encoding denial of service
15759| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15760| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15761| [59413] Apache mod_proxy_http timeout information disclosure
15762| [59058] Apache MyFaces unencrypted view state cross-site scripting
15763| [58827] Apache Axis2 xsd file include
15764| [58790] Apache Axis2 modules cross-site scripting
15765| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15766| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15767| [58056] Apache ActiveMQ .jsp source code disclosure
15768| [58055] Apache Tomcat realm name information disclosure
15769| [58046] Apache HTTP Server mod_auth_shadow security bypass
15770| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15771| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15772| [57429] Apache CouchDB algorithms information disclosure
15773| [57398] Apache ActiveMQ Web console cross-site request forgery
15774| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15775| [56653] Apache HTTP Server DNS spoofing
15776| [56652] Apache HTTP Server DNS cross-site scripting
15777| [56625] Apache HTTP Server request header information disclosure
15778| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15779| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15780| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15781| [55857] Apache Tomcat WAR files directory traversal
15782| [55856] Apache Tomcat autoDeploy attribute security bypass
15783| [55855] Apache Tomcat WAR directory traversal
15784| [55210] Intuit component for Joomla! Apache information disclosure
15785| [54533] Apache Tomcat 404 error page cross-site scripting
15786| [54182] Apache Tomcat admin default password
15787| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15788| [53666] Apache HTTP Server Solaris pollset support denial of service
15789| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15790| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15791| [53041] mod_proxy_ftp module for Apache denial of service
15792| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15793| [51953] Apache Tomcat Path Disclosure
15794| [51952] Apache Tomcat Path Traversal
15795| [51951] Apache stronghold-status Information Disclosure
15796| [51950] Apache stronghold-info Information Disclosure
15797| [51949] Apache PHP Source Code Disclosure
15798| [51948] Apache Multiviews Attack
15799| [51946] Apache JServ Environment Status Information Disclosure
15800| [51945] Apache error_log Information Disclosure
15801| [51944] Apache Default Installation Page Pattern Found
15802| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15803| [51942] Apache AXIS XML External Entity File Retrieval
15804| [51941] Apache AXIS Sample Servlet Information Leak
15805| [51940] Apache access_log Information Disclosure
15806| [51626] Apache mod_deflate denial of service
15807| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15808| [51365] Apache Tomcat RequestDispatcher security bypass
15809| [51273] Apache HTTP Server Incomplete Request denial of service
15810| [51195] Apache Tomcat XML information disclosure
15811| [50994] Apache APR-util xml/apr_xml.c denial of service
15812| [50993] Apache APR-util apr_brigade_vprintf denial of service
15813| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15814| [50930] Apache Tomcat j_security_check information disclosure
15815| [50928] Apache Tomcat AJP denial of service
15816| [50884] Apache HTTP Server XML ENTITY denial of service
15817| [50808] Apache HTTP Server AllowOverride privilege escalation
15818| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15819| [50059] Apache mod_proxy_ajp information disclosure
15820| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15821| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15822| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15823| [49921] Apache ActiveMQ Web interface cross-site scripting
15824| [49898] Apache Geronimo Services/Repository directory traversal
15825| [49725] Apache Tomcat mod_jk module information disclosure
15826| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15827| [49712] Apache Struts unspecified cross-site scripting
15828| [49213] Apache Tomcat cal2.jsp cross-site scripting
15829| [48934] Apache Tomcat POST doRead method information disclosure
15830| [48211] Apache Tomcat header HTTP request smuggling
15831| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15832| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15833| [47709] Apache Roller "
15834| [47104] Novell Netware ApacheAdmin console security bypass
15835| [47086] Apache HTTP Server OS fingerprinting unspecified
15836| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15837| [45791] Apache Tomcat RemoteFilterValve security bypass
15838| [44435] Oracle WebLogic Apache Connector buffer overflow
15839| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15840| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15841| [44156] Apache Tomcat RequestDispatcher directory traversal
15842| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15843| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15844| [42987] Apache HTTP Server mod_proxy module denial of service
15845| [42915] Apache Tomcat JSP files path disclosure
15846| [42914] Apache Tomcat MS-DOS path disclosure
15847| [42892] Apache Tomcat unspecified unauthorized access
15848| [42816] Apache Tomcat Host Manager cross-site scripting
15849| [42303] Apache 403 error cross-site scripting
15850| [41618] Apache-SSL ExpandCert() authentication bypass
15851| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15852| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15853| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15854| [40562] Apache Geronimo init information disclosure
15855| [40478] Novell Web Manager webadmin-apache.conf security bypass
15856| [40411] Apache Tomcat exception handling information disclosure
15857| [40409] Apache Tomcat native (APR based) connector weak security
15858| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15859| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15860| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15861| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15862| [39804] Apache Tomcat SingleSignOn information disclosure
15863| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15864| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15865| [39608] Apache HTTP Server balancer manager cross-site request forgery
15866| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15867| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15868| [39472] Apache HTTP Server mod_status cross-site scripting
15869| [39201] Apache Tomcat JULI logging weak security
15870| [39158] Apache HTTP Server Windows SMB shares information disclosure
15871| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15872| [38951] Apache::AuthCAS Perl module cookie SQL injection
15873| [38800] Apache HTTP Server 413 error page cross-site scripting
15874| [38211] Apache Geronimo SQLLoginModule authentication bypass
15875| [37243] Apache Tomcat WebDAV directory traversal
15876| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15877| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15878| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15879| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15880| [36782] Apache Geronimo MEJB unauthorized access
15881| [36586] Apache HTTP Server UTF-7 cross-site scripting
15882| [36468] Apache Geronimo LoginModule security bypass
15883| [36467] Apache Tomcat functions.jsp cross-site scripting
15884| [36402] Apache Tomcat calendar cross-site request forgery
15885| [36354] Apache HTTP Server mod_proxy module denial of service
15886| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15887| [36336] Apache Derby lock table privilege escalation
15888| [36335] Apache Derby schema privilege escalation
15889| [36006] Apache Tomcat "
15890| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15891| [35999] Apache Tomcat \"
15892| [35795] Apache Tomcat CookieExample cross-site scripting
15893| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15894| [35384] Apache HTTP Server mod_cache module denial of service
15895| [35097] Apache HTTP Server mod_status module cross-site scripting
15896| [35095] Apache HTTP Server Prefork MPM module denial of service
15897| [34984] Apache HTTP Server recall_headers information disclosure
15898| [34966] Apache HTTP Server MPM content spoofing
15899| [34965] Apache HTTP Server MPM information disclosure
15900| [34963] Apache HTTP Server MPM multiple denial of service
15901| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15902| [34869] Apache Tomcat JSP example Web application cross-site scripting
15903| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15904| [34496] Apache Tomcat JK Connector security bypass
15905| [34377] Apache Tomcat hello.jsp cross-site scripting
15906| [34212] Apache Tomcat SSL configuration security bypass
15907| [34210] Apache Tomcat Accept-Language cross-site scripting
15908| [34209] Apache Tomcat calendar application cross-site scripting
15909| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15910| [34167] Apache Axis WSDL file path disclosure
15911| [34068] Apache Tomcat AJP connector information disclosure
15912| [33584] Apache HTTP Server suEXEC privilege escalation
15913| [32988] Apache Tomcat proxy module directory traversal
15914| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15915| [32708] Debian Apache tty privilege escalation
15916| [32441] ApacheStats extract() PHP call unspecified
15917| [32128] Apache Tomcat default account
15918| [31680] Apache Tomcat RequestParamExample cross-site scripting
15919| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15920| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15921| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15922| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15923| [29550] Apache mod_tcl set_var() format string
15924| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15925| [28357] Apache HTTP Server mod_alias script source information disclosure
15926| [28063] Apache mod_rewrite off-by-one buffer overflow
15927| [27902] Apache Tomcat URL information disclosure
15928| [26786] Apache James SMTP server denial of service
15929| [25680] libapache2 /tmp/svn file upload
15930| [25614] Apache Struts lookupMap cross-site scripting
15931| [25613] Apache Struts ActionForm denial of service
15932| [25612] Apache Struts isCancelled() security bypass
15933| [24965] Apache mod_python FileSession command execution
15934| [24716] Apache James spooler memory leak denial of service
15935| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15936| [24158] Apache Geronimo jsp-examples cross-site scripting
15937| [24030] Apache auth_ldap module multiple format strings
15938| [24008] Apache mod_ssl custom error message denial of service
15939| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15940| [23612] Apache mod_imap referer field cross-site scripting
15941| [23173] Apache Struts error message cross-site scripting
15942| [22942] Apache Tomcat directory listing denial of service
15943| [22858] Apache Multi-Processing Module code allows denial of service
15944| [22602] RHSA-2005:582 updates for Apache httpd not installed
15945| [22520] Apache mod-auth-shadow "
15946| [22466] ApacheTop symlink
15947| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15948| [22006] Apache HTTP Server byte-range filter denial of service
15949| [21567] Apache mod_ssl off-by-one buffer overflow
15950| [21195] Apache HTTP Server header HTTP request smuggling
15951| [20383] Apache HTTP Server htdigest buffer overflow
15952| [19681] Apache Tomcat AJP12 request denial of service
15953| [18993] Apache HTTP server check_forensic symlink attack
15954| [18790] Apache Tomcat Manager cross-site scripting
15955| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15956| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15957| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15958| [17961] Apache Web server ServerTokens has not been set
15959| [17930] Apache HTTP Server HTTP GET request denial of service
15960| [17785] Apache mod_include module buffer overflow
15961| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15962| [17473] Apache HTTP Server Satisfy directive allows access to resources
15963| [17413] Apache htpasswd buffer overflow
15964| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15965| [17382] Apache HTTP Server IPv6 apr_util denial of service
15966| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15967| [17273] Apache HTTP Server speculative mode denial of service
15968| [17200] Apache HTTP Server mod_ssl denial of service
15969| [16890] Apache HTTP Server server-info request has been detected
15970| [16889] Apache HTTP Server server-status request has been detected
15971| [16705] Apache mod_ssl format string attack
15972| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15973| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15974| [16230] Apache HTTP Server PHP denial of service
15975| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15976| [15958] Apache HTTP Server authentication modules memory corruption
15977| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15978| [15540] Apache HTTP Server socket starvation denial of service
15979| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15980| [15422] Apache HTTP Server mod_access information disclosure
15981| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15982| [15293] Apache for Cygwin "
15983| [15065] Apache-SSL has a default password
15984| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15985| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15986| [14751] Apache Mod_python output filter information disclosure
15987| [14125] Apache HTTP Server mod_userdir module information disclosure
15988| [14075] Apache HTTP Server mod_php file descriptor leak
15989| [13703] Apache HTTP Server account
15990| [13689] Apache HTTP Server configuration allows symlinks
15991| [13688] Apache HTTP Server configuration allows SSI
15992| [13687] Apache HTTP Server Server: header value
15993| [13685] Apache HTTP Server ServerTokens value
15994| [13684] Apache HTTP Server ServerSignature value
15995| [13672] Apache HTTP Server config allows directory autoindexing
15996| [13671] Apache HTTP Server default content
15997| [13670] Apache HTTP Server config file directive references outside content root
15998| [13668] Apache HTTP Server httpd not running in chroot environment
15999| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
16000| [13664] Apache HTTP Server config file contains ScriptAlias entry
16001| [13663] Apache HTTP Server CGI support modules loaded
16002| [13661] Apache HTTP Server config file contains AddHandler entry
16003| [13660] Apache HTTP Server 500 error page not CGI script
16004| [13659] Apache HTTP Server 413 error page not CGI script
16005| [13658] Apache HTTP Server 403 error page not CGI script
16006| [13657] Apache HTTP Server 401 error page not CGI script
16007| [13552] Apache HTTP Server mod_cgid module information disclosure
16008| [13550] Apache GET request directory traversal
16009| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
16010| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
16011| [13429] Apache Tomcat non-HTTP request denial of service
16012| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
16013| [13295] Apache weak password encryption
16014| [13254] Apache Tomcat .jsp cross-site scripting
16015| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
16016| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
16017| [12681] Apache HTTP Server mod_proxy could allow mail relaying
16018| [12662] Apache HTTP Server rotatelogs denial of service
16019| [12554] Apache Tomcat stores password in plain text
16020| [12553] Apache HTTP Server redirects and subrequests denial of service
16021| [12552] Apache HTTP Server FTP proxy server denial of service
16022| [12551] Apache HTTP Server prefork MPM denial of service
16023| [12550] Apache HTTP Server weaker than expected encryption
16024| [12549] Apache HTTP Server type-map file denial of service
16025| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
16026| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
16027| [12091] Apache HTTP Server apr_password_validate denial of service
16028| [12090] Apache HTTP Server apr_psprintf code execution
16029| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
16546| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
16547| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
16548| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
16549| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
16550| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
16551| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
16552| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
16553| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
16554| [54439] FreeBSD Ports: apache
16555| [53931] Slackware Advisory SSA:2004-133-01 apache
16556| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
16557| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
16558| [53878] Slackware Advisory SSA:2003-308-01 apache security update
16559| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
16560| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
16561| [53848] Debian Security Advisory DSA 131-1 (apache)
16562| [53784] Debian Security Advisory DSA 021-1 (apache)
16563| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
16564| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
16565| [53735] Debian Security Advisory DSA 187-1 (apache)
16566| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
16567| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
16568| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
16569| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
16570| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
16571| [53282] Debian Security Advisory DSA 594-1 (apache)
16572| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
16573| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
16574| [53215] Debian Security Advisory DSA 525-1 (apache)
16575| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
16576| [52529] FreeBSD Ports: apache+ssl
16577| [52501] FreeBSD Ports: apache
16578| [52461] FreeBSD Ports: apache
16579| [52390] FreeBSD Ports: apache
16580| [52389] FreeBSD Ports: apache
16581| [52388] FreeBSD Ports: apache
16582| [52383] FreeBSD Ports: apache
16583| [52339] FreeBSD Ports: apache+mod_ssl
16584| [52331] FreeBSD Ports: apache
16585| [52329] FreeBSD Ports: ru-apache+mod_ssl
16586| [52314] FreeBSD Ports: apache
16587| [52310] FreeBSD Ports: apache
16588| [15588] Detect Apache HTTPS
16589| [15555] Apache mod_proxy content-length buffer overflow
16590| [15554] Apache mod_include priviledge escalation
16591| [14771] Apache <= 1.3.33 htpasswd local overflow
16592| [14177] Apache mod_access rule bypass
16593| [13644] Apache mod_rootme Backdoor
16594| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
16595| [12280] Apache Connection Blocking Denial of Service
16596| [12239] Apache Error Log Escape Sequence Injection
16597| [12123] Apache Tomcat source.jsp malformed request information disclosure
16598| [12085] Apache Tomcat servlet/JSP container default files
16599| [11438] Apache Tomcat Directory Listing and File disclosure
16600| [11204] Apache Tomcat Default Accounts
16601| [11092] Apache 2.0.39 Win32 directory traversal
16602| [11046] Apache Tomcat TroubleShooter Servlet Installed
16603| [11042] Apache Tomcat DOS Device Name XSS
16604| [11041] Apache Tomcat /servlet Cross Site Scripting
16605| [10938] Apache Remote Command Execution via .bat files
16606| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
16607| [10773] MacOS X Finder reveals contents of Apache Web files
16608| [10766] Apache UserDir Sensitive Information Disclosure
16609| [10756] MacOS X Finder reveals contents of Apache Web directories
16610| [10752] Apache Auth Module SQL Insertion Attack
16611| [10704] Apache Directory Listing
16612| [10678] Apache /server-info accessible
16613| [10677] Apache /server-status accessible
16614| [10440] Check for Apache Multiple / vulnerability
16615|
16616| SecurityTracker - https://www.securitytracker.com:
16617| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
16618| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
16619| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
16620| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
16621| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16622| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16623| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16624| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
16625| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
16626| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
16627| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16628| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
16629| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
16630| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
16631| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
16632| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
16633| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
16634| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
16635| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
16636| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
16637| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
16638| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
16639| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
16640| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16641| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
16642| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16643| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16644| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
16645| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
16646| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
16647| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
16648| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
16649| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
16650| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
16651| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
16652| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
16653| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
16654| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
16655| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
16656| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
16657| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
16658| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
16659| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
16660| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
16661| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
16662| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
16663| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16664| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
16665| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
16666| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
16667| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
16668| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
16669| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
16670| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
16671| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
16672| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
16673| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
16674| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
16675| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
16676| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
16677| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
16678| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
16679| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
16680| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
16681| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
16682| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
16683| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
16684| [1024096] Apache mod_proxy_http May Return Results for a Different Request
16685| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
16686| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
16687| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
16688| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
16689| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
16690| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
16691| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
16692| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
16693| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
16694| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
16695| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
16696| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
16697| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
16698| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16699| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
16700| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
16701| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
16702| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
16703| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
16704| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16705| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
16706| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
16707| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
16708| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
16709| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
16710| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
16711| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
16712| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
16713| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
16714| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
16715| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
16716| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
16717| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
16718| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
16719| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
16720| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
16721| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
16722| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
16723| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
16724| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
16725| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
16726| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
16727| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
16728| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
16729| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
16730| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
16731| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
16732| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
16733| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
16734| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
16735| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
16736| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
16737| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
16738| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
16739| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
16740| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
16741| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
16742| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
16743| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
16744| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
16745| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
16746| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16747| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16748| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16749| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16750| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16751| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16752| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16753| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16754| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16755| [1008920] Apache mod_digest May Validate Replayed Client Responses
16756| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16757| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16758| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16759| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16760| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16761| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16762| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16763| [1008029] Apache mod_alias Contains a Buffer Overflow
16764| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16765| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16766| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16767| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16768| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16769| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16770| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16771| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16772| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16773| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16774| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16775| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16776| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16777| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16778| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16779| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16780| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16781| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16782| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16783| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16784| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16785| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16786| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16787| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16788| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16789| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16790| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16791| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16792| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16793| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16794| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16795| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16796| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16797| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16798| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16799| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16800| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16801| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16802| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16803| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16804| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16805| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16806| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16807| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16808| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16809| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16810| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16811| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16812| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16813| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16814| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16815| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16816| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16817| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16818| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16819| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16820|
16821| OSVDB - http://www.osvdb.org:
16822| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16823| [96077] Apache CloudStack Global Settings Multiple Field XSS
16824| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16825| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16826| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16827| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16828| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16829| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16830| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16831| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16832| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16833| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16834| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16835| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16836| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16837| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16838| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16839| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16840| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16841| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16842| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16843| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16844| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16845| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16846| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16847| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16848| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16849| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16850| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16851| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16852| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16853| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16854| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16855| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16856| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16857| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16858| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16859| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16860| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16861| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16862| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16863| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16864| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16865| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16866| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16867| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16868| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16869| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16870| [94279] Apache Qpid CA Certificate Validation Bypass
16871| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16872| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16873| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16874| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16875| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16876| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16877| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16878| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16879| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16880| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16881| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16882| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16883| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16884| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16885| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16886| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16887| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16888| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16889| [93541] Apache Solr json.wrf Callback XSS
16890| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16891| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16892| [93520] Apache CloudStack Default SSL Key Weakness
16893| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16894| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16895| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16896| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16897| [93515] Apache HBase table.jsp name Parameter XSS
16898| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16899| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16900| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16901| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16902| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16903| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16904| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16905| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16906| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16907| [93252] Apache Tomcat FORM Authenticator Session Fixation
16908| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16909| [93171] Apache Sling HtmlResponse Error Message XSS
16910| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16911| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16912| [93168] Apache Click ErrorReport.java id Parameter XSS
16913| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16914| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16915| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16916| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16917| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16918| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16919| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
16920| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
16921| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
16922| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
16923| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
16924| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
16925| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
16926| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
16927| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
16928| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
16929| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
16930| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
16931| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
16932| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
16933| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
16934| [93144] Apache Solr Admin Command Execution CSRF
16935| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
16936| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
16937| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
16938| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
16939| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
16940| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
16941| [92748] Apache CloudStack VM Console Access Restriction Bypass
16942| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
16943| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
16944| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
16945| [92706] Apache ActiveMQ Debug Log Rendering XSS
16946| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16947| [92270] Apache Tomcat Unspecified CSRF
16948| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16949| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16950| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16951| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16952| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16953| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16954| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16955| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16956| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16957| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16958| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16959| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16960| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16961| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16962| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16963| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16964| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16965| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16966| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16967| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16968| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16969| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16970| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16971| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16972| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16973| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16974| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16975| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16976| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16977| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16978| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16979| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16980| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16981| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16982| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16983| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16984| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16985| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16986| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16987| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16988| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16989| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16990| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16991| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16992| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16993| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16994| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16995| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
16996| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16997| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
16998| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16999| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
17000| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
17001| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
17002| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
17003| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
17004| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
17005| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
17006| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
17007| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
17008| [86901] Apache Tomcat Error Message Path Disclosure
17009| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
17010| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
17011| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
17012| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
17013| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
17014| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
17015| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
17016| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
17017| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
17018| [85430] Apache mod_pagespeed Module Unspecified XSS
17019| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
17020| [85249] Apache Wicket Unspecified XSS
17021| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
17022| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
17023| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
17024| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
17025| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
17026| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
17027| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
17028| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
17029| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
17030| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
17031| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
17032| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
17033| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
17034| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
17035| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
17036| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
17037| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
17038| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
17039| [83339] Apache Roller Blogger Roll Unspecified XSS
17040| [83270] Apache Roller Unspecified Admin Action CSRF
17041| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
17042| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
17043| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
17044| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
17045| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
17046| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
17047| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
17048| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
17049| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
17050| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
17051| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
17052| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
17053| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
17054| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
17055| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
17056| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
17057| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
17058| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
17059| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
17060| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
17061| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
17062| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
17063| [80300] Apache Wicket wicket:pageMapName Parameter XSS
17064| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
17065| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
17066| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
17067| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
17068| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
17069| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
17070| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
17071| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
17072| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
17073| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
17074| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
17075| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
17076| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
17077| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
17078| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
17079| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
17080| [78331] Apache Tomcat Request Object Recycling Information Disclosure
17081| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
17082| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
17083| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
17084| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
17085| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
17086| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
17087| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
17088| [77593] Apache Struts Conversion Error OGNL Expression Injection
17089| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
17090| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
17091| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
17092| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
17093| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
17094| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
17095| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
17096| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
17097| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
17098| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
17099| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
17100| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
17101| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
17102| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
17103| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
17104| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
17105| [74725] Apache Wicket Multi Window Support Unspecified XSS
17106| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
17107| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
17108| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
17109| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
17110| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
17111| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
17112| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
17113| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
17114| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
17115| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
17116| [73644] Apache XML Security Signature Key Parsing Overflow DoS
17117| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
17118| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
17119| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
17120| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
17121| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
17122| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
17123| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
17124| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
17125| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
17126| [73154] Apache Archiva Multiple Unspecified CSRF
17127| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
17128| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
17129| [72238] Apache Struts Action / Method Names <
17130| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
17131| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
17132| [71557] Apache Tomcat HTML Manager Multiple XSS
17133| [71075] Apache Archiva User Management Page XSS
17134| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
17135| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
17136| [70924] Apache Continuum Multiple Admin Function CSRF
17137| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
17138| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
17139| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
17140| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
17141| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
17142| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
17143| [69520] Apache Archiva Administrator Credential Manipulation CSRF
17144| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
17145| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
17146| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
17147| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
17148| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
17149| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
17150| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
17151| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
17152| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
17153| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
17154| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
17155| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
17156| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
17157| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
17158| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
17159| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
17160| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
17161| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
17162| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
17163| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
17164| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
17165| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
17166| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
17167| [65054] Apache ActiveMQ Jetty Error Handler XSS
17168| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
17169| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
17170| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
17171| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
17172| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
17173| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
17174| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
17175| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
17176| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
17177| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
17178| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
17179| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
17180| [63895] Apache HTTP Server mod_headers Unspecified Issue
17181| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
17182| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
17183| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
17184| [63140] Apache Thrift Service Malformed Data Remote DoS
17185| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
17186| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
17187| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
17188| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
17189| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
17190| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
17191| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
17192| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
17193| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
17194| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
17195| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
17196| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
17197| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
17198| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
17199| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
17200| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
17201| [60678] Apache Roller Comment Email Notification Manipulation DoS
17202| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
17203| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
17204| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
17205| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
17206| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
17207| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
17208| [60232] PHP on Apache php.exe Direct Request Remote DoS
17209| [60176] Apache Tomcat Windows Installer Admin Default Password
17210| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
17211| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
17212| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
17213| [59944] Apache Hadoop jobhistory.jsp XSS
17214| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
17215| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
17216| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
17217| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
17218| [59019] Apache mod_python Cookie Salting Weakness
17219| [59018] Apache Harmony Error Message Handling Overflow
17220| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
17221| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
17222| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
17223| [59010] Apache Solr get-file.jsp XSS
17224| [59009] Apache Solr action.jsp XSS
17225| [59008] Apache Solr analysis.jsp XSS
17226| [59007] Apache Solr schema.jsp Multiple Parameter XSS
17227| [59006] Apache Beehive select / checkbox Tag XSS
17228| [59005] Apache Beehive jpfScopeID Global Parameter XSS
17229| [59004] Apache Beehive Error Message XSS
17230| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
17231| [59002] Apache Jetspeed default-page.psml URI XSS
17232| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
17233| [59000] Apache CXF Unsigned Message Policy Bypass
17234| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
17235| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
17236| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
17237| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
17238| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
17239| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
17240| [58993] Apache Hadoop browseBlock.jsp XSS
17241| [58991] Apache Hadoop browseDirectory.jsp XSS
17242| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
17243| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
17244| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
17245| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
17246| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
17247| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
17248| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
17249| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
17250| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
17251| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
17252| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
17253| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
17254| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
17255| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
17256| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
17257| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
17258| [58974] Apache Sling /apps Script User Session Management Access Weakness
17259| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
17260| [58931] Apache Geronimo Cookie Parameters Validation Weakness
17261| [58930] Apache Xalan-C++ XPath Handling Remote DoS
17262| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
17263| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
17264| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
17265| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
17266| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
17267| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
17268| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
17269| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
17270| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
17271| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
17272| [58805] Apache Derby Unauthenticated Database / Admin Access
17273| [58804] Apache Wicket Header Contribution Unspecified Issue
17274| [58803] Apache Wicket Session Fixation
17275| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
17276| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
17277| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
17278| [58799] Apache Tapestry Logging Cleartext Password Disclosure
17279| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
17280| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
17281| [58796] Apache Jetspeed Unsalted Password Storage Weakness
17282| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
17283| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
17284| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
17285| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
17286| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
17287| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
17288| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
17289| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
17290| [58775] Apache JSPWiki preview.jsp action Parameter XSS
17291| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17292| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
17293| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
17294| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
17295| [58770] Apache JSPWiki Group.jsp group Parameter XSS
17296| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
17297| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
17298| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
17299| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
17300| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17301| [58763] Apache JSPWiki Include Tag Multiple Script XSS
17302| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
17303| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
17304| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
17305| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
17306| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
17307| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
17308| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
17309| [58755] Apache Harmony DRLVM Non-public Class Member Access
17310| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
17311| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
17312| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
17313| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
17314| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
17315| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
17316| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
17317| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
17318| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
17319| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
17320| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
17321| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
17322| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
17323| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
17324| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
17325| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
17326| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
17327| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
17328| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
17329| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
17330| [58725] Apache Tapestry Basic String ACL Bypass Weakness
17331| [58724] Apache Roller Logout Functionality Failure Session Persistence
17332| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
17333| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
17334| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
17335| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
17336| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
17337| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
17338| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
17339| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
17340| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
17341| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
17342| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
17343| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
17344| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
17345| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
17346| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
17347| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
17348| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
17349| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
17350| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
17351| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
17352| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
17353| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
17354| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
17355| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
17356| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
17357| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
17358| [58687] Apache Axis Invalid wsdl Request XSS
17359| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
17360| [58685] Apache Velocity Template Designer Privileged Code Execution
17361| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
17362| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
17363| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
17364| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
17365| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
17366| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
17367| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
17368| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
17369| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
17370| [58667] Apache Roller Database Cleartext Passwords Disclosure
17371| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
17372| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
17373| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
17374| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
17375| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
17376| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
17377| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
17378| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
17379| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
17380| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
17381| [56984] Apache Xerces2 Java Malformed XML Input DoS
17382| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
17383| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
17384| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
17385| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
17386| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
17387| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
17388| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
17389| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
17390| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
17391| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
17392| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
17393| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
17394| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
17395| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
17396| [55056] Apache Tomcat Cross-application TLD File Manipulation
17397| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
17398| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
17399| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
17400| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
17401| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
17402| [54589] Apache Jserv Nonexistent JSP Request XSS
17403| [54122] Apache Struts s:a / s:url Tag href Element XSS
17404| [54093] Apache ActiveMQ Web Console JMS Message XSS
17405| [53932] Apache Geronimo Multiple Admin Function CSRF
17406| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
17407| [53930] Apache Geronimo /console/portal/ URI XSS
17408| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
17409| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
17410| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
17411| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
17412| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
17413| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
17414| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
17415| [53380] Apache Struts Unspecified XSS
17416| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
17417| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
17418| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
17419| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
17420| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
17421| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
17422| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
17423| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
17424| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
17425| [51151] Apache Roller Search Function q Parameter XSS
17426| [50482] PHP with Apache php_value Order Unspecified Issue
17427| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
17428| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
17429| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
17430| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
17431| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
17432| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
17433| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
17434| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
17435| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
17436| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
17437| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
17438| [47096] Oracle Weblogic Apache Connector POST Request Overflow
17439| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
17440| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
17441| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
17442| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
17443| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
17444| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
17445| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
17446| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
17447| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
17448| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
17449| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
17450| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
17451| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
17452| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
17453| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
17454| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
17455| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
17456| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
17457| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
17458| [43452] Apache Tomcat HTTP Request Smuggling
17459| [43309] Apache Geronimo LoginModule Login Method Bypass
17460| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
17461| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
17462| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
17463| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
17464| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
17465| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
17466| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
17467| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
17468| [42091] Apache Maven Site Plugin Installation Permission Weakness
17469| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
17470| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
17471| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
17472| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
17473| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
17474| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
17475| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
17476| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
17477| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
17478| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
17479| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
17480| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
17481| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
17482| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
17483| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
17484| [40262] Apache HTTP Server mod_status refresh XSS
17485| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
17486| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
17487| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
17488| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
17489| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
17490| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
17491| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
17492| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
17493| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
17494| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
17495| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
17496| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
17497| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17498| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17499| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17500| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17501| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17502| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17503| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17504| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17505| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17506| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17507| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17508| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17509| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17510| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17511| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17512| [36079] Apache Tomcat Manager Uploaded Filename XSS
17513| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17514| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17515| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17516| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17517| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17518| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17519| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17520| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17521| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17522| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17523| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17524| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17525| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17526| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17527| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17528| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17529| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17530| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17531| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17532| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17533| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17534| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17535| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17536| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17537| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17538| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
17539| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
17540| [32724] Apache mod_python _filter_read Freed Memory Disclosure
17541| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
17542| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
17543| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
17544| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
17545| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
17546| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
17547| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
17548| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
17549| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
17550| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
17551| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
17552| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
17553| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
17554| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
17555| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
17556| [24365] Apache Struts Multiple Function Error Message XSS
17557| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
17558| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
17559| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
17560| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
17561| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
17562| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
17563| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
17564| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
17565| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
17566| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
17567| [22459] Apache Geronimo Error Page XSS
17568| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
17569| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
17570| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
17571| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
17572| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
17573| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
17574| [21021] Apache Struts Error Message XSS
17575| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
17576| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
17577| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
17578| [20439] Apache Tomcat Directory Listing Saturation DoS
17579| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
17580| [20285] Apache HTTP Server Log File Control Character Injection
17581| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
17582| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
17583| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
17584| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
17585| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
17586| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
17587| [19821] Apache Tomcat Malformed Post Request Information Disclosure
17588| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
17589| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
17590| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
17591| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
17592| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
17593| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
17594| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17595| [18233] Apache HTTP Server htdigest user Variable Overfow
17596| [17738] Apache HTTP Server HTTP Request Smuggling
17597| [16586] Apache HTTP Server Win32 GET Overflow DoS
17598| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
17599| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
17600| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
17601| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
17602| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
17603| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
17604| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
17605| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
17606| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
17607| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
17608| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
17609| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
17610| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
17611| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
17612| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
17613| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
17614| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
17615| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
17616| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
17617| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
17618| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
17619| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
17620| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
17621| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
17622| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
17623| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
17624| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
17625| [13304] Apache Tomcat realPath.jsp Path Disclosure
17626| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
17627| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
17628| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
17629| [12848] Apache HTTP Server htdigest realm Variable Overflow
17630| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
17631| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
17632| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
17633| [12557] Apache HTTP Server prefork MPM accept Error DoS
17634| [12233] Apache Tomcat MS-DOS Device Name Request DoS
17635| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
17636| [12231] Apache Tomcat web.xml Arbitrary File Access
17637| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
17638| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
17639| [12178] Apache Jakarta Lucene results.jsp XSS
17640| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
17641| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
17642| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
17643| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
17644| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
17645| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
17646| [10471] Apache Xerces-C++ XML Parser DoS
17647| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
17648| [10068] Apache HTTP Server htpasswd Local Overflow
17649| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
17650| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
17651| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
17652| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
17653| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
17654| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
17655| [9717] Apache HTTP Server mod_cookies Cookie Overflow
17656| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
17657| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
17658| [9714] Apache Authentication Module Threaded MPM DoS
17659| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
17660| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
17661| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
17662| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
17663| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
17664| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
17665| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
17666| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
17667| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
17668| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
17669| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
17670| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
17671| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
17672| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
17673| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
17674| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
17675| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
17676| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
17677| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
17678| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
17679| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
17680| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
17681| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
17682| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
17683| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
17684| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
17685| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
17686| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
17687| [9208] Apache Tomcat .jsp Encoded Newline XSS
17688| [9204] Apache Tomcat ROOT Application XSS
17689| [9203] Apache Tomcat examples Application XSS
17690| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
17691| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
17692| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
17693| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
17694| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
17695| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
17696| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
17697| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
17698| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
17699| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
17700| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
17701| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
17702| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
17703| [7611] Apache HTTP Server mod_alias Local Overflow
17704| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
17705| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
17706| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
17707| [6882] Apache mod_python Malformed Query String Variant DoS
17708| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
17709| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
17710| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
17711| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
17712| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
17713| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
17714| [5526] Apache Tomcat Long .JSP URI Path Disclosure
17715| [5278] Apache Tomcat web.xml Restriction Bypass
17716| [5051] Apache Tomcat Null Character DoS
17717| [4973] Apache Tomcat servlet Mapping XSS
17718| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
17719| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
17720| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
17721| [4568] mod_survey For Apache ENV Tags SQL Injection
17722| [4553] Apache HTTP Server ApacheBench Overflow DoS
17723| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
17724| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
17725| [4383] Apache HTTP Server Socket Race Condition DoS
17726| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17727| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17728| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17729| [4231] Apache Cocoon Error Page Server Path Disclosure
17730| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17731| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17732| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17733| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17734| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17735| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17736| [3322] mod_php for Apache HTTP Server Process Hijack
17737| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17738| [2885] Apache mod_python Malformed Query String DoS
17739| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17740| [2733] Apache HTTP Server mod_rewrite Local Overflow
17741| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17742| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17743| [2149] Apache::Gallery Privilege Escalation
17744| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17745| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17746| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17747| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17748| [872] Apache Tomcat Multiple Default Accounts
17749| [862] Apache HTTP Server SSI Error Page XSS
17750| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17751| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17752| [845] Apache Tomcat MSDOS Device XSS
17753| [844] Apache Tomcat Java Servlet Error Page XSS
17754| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17755| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17756| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17757| [775] Apache mod_python Module Importing Privilege Function Execution
17758| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17759| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17760| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17761| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17762| [637] Apache HTTP Server UserDir Directive Username Enumeration
17763| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17764| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17765| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17766| [561] Apache Web Servers mod_status /server-status Information Disclosure
17767| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17768| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17769| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17770| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17771| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17772| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17773| [376] Apache Tomcat contextAdmin Arbitrary File Access
17774| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17775| [222] Apache HTTP Server test-cgi Arbitrary File Access
17776| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17777| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17778|_
445/tcp filtered microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.92
17781| vulscan: VulDB - https://vuldb.com:
17782| [141327] Exim up to 4.92.1 Backslash privilege escalation
17783| [138827] Exim up to 4.92 Expansion Code Execution
17784| [135932] Exim up to 4.92 privilege escalation
17785| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
17786|
17787| MITRE CVE - https://cve.mitre.org:
17788| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
17789| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
17790| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
17791| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
17792| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
17793| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
17794| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
17795| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
17796| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
17797| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
17798| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
17799| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
17800| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
17801| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
17802| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
17803| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
17804|
17805| SecurityFocus - https://www.securityfocus.com/bid/:
17806| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
17807| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
17808| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
17809| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
17810| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
17811| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
17812| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17813| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
17814| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
17815| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
17816| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
17817| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
17818| [45308] Exim Crafted Header Remote Code Execution Vulnerability
17819| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
17820| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
17821| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
17822| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
17823| [17110] sa-exim Unauthorized File Access Vulnerability
17824| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
17825| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
17826| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
17827| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
17828| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
17829| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
17830| [6314] Exim Internet Mailer Format String Vulnerability
17831| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
17832| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
17833| [2828] Exim Format String Vulnerability
17834| [1859] Exim Buffer Overflow Vulnerability
17835|
17836| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17837| [84758] Exim sender_address parameter command execution
17838| [84015] Exim command execution
17839| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
17840| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
17841| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
17842| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
17843| [67455] Exim DKIM processing code execution
17844| [67299] Exim dkim_exim_verify_finish() format string
17845| [65028] Exim open_log privilege escalation
17846| [63967] Exim config file privilege escalation
17847| [63960] Exim header buffer overflow
17848| [59043] Exim mail directory privilege escalation
17849| [59042] Exim MBX symlink
17850| [52922] ikiwiki teximg plugin information disclosure
17851| [34265] Exim spamd buffer overflow
17852| [25286] Sa-exim greylistclean.cron file deletion
17853| [22687] RHSA-2005:025 updates for exim not installed
17854| [18901] Exim dns_build_reverse buffer overflow
17855| [18764] Exim spa_base64_to_bits function buffer overflow
17856| [18763] Exim host_aton buffer overflow
17857| [16079] Exim require_verify buffer overflow
17858| [16077] Exim header_check_syntax buffer overflow
17859| [16075] Exim sender_verify buffer overflow
17860| [13067] Exim HELO or EHLO command heap overflow
17861| [10761] Exim daemon.c format string
17862| [8194] Exim configuration file -c command-line argument buffer overflow
17863| [7738] Exim allows attacker to hide commands in localhost names using pipes
17864| [6671] Exim "
17865| [1893] Exim MTA allows local users to gain root privileges
17866|
17867| Exploit-DB - https://www.exploit-db.com:
17868| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
17869| [15725] Exim 4.63 Remote Root Exploit
17870| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
17871| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
17872| [796] Exim <= 4.42 Local Root Exploit
17873| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
17874|
17875| OpenVAS (Nessus) - http://www.openvas.org:
17876| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
17877|
17878| SecurityTracker - https://www.securitytracker.com:
17879| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
17880| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
17881| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
17882| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
17883| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
17884| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
17885| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
17886| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
17887| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
17888| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
17889| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
17890| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
17891|
17892| OSVDB - http://www.osvdb.org:
17893| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
17894| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
17895| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
17896| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
17897| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
17898| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
17899| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
17900| [70696] Exim log.c open_log() Function Local Privilege Escalation
17901| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
17902| [69685] Exim string_format Function Remote Overflow
17903| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
17904| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
17905| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
17906| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
17907| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
17908| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
17909| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
17910| [12726] Exim -be Command Line Option host_aton Function Local Overflow
17911| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
17912| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
17913| [10032] libXpm CreateXImage Function Integer Overflow
17914| [7160] Exim .forward :include: Option Privilege Escalation
17915| [6479] Vexim COOKIE Authentication Credential Disclosure
17916| [6478] Vexim Multiple Parameter SQL Injection
17917| [5930] Exim Parenthesis File Name Filter Bypass
17918| [5897] Exim header_syntax Function Remote Overflow
17919| [5896] Exim sender_verify Function Remote Overflow
17920| [5530] Exim Localhost Name Arbitrary Command Execution
17921| [5330] Exim Configuration File Variable Overflow
17922| [1855] Exim Batched SMTP Mail Header Format String
17923|_
587/tcp open smtp Exim smtpd 4.92
17925| vulscan: VulDB - https://vuldb.com:
17926| [141327] Exim up to 4.92.1 Backslash privilege escalation
17927| [138827] Exim up to 4.92 Expansion Code Execution
17928| [135932] Exim up to 4.92 privilege escalation
17929| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
17930|
17931| MITRE CVE - https://cve.mitre.org:
17932| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
17933| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
17934| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
17935| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
17936| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
17937| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
17938| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
17939| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
17940| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
17941| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
17942| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
17943| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
17944| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
17945| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
17946| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
17947| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
17948|
17949| SecurityFocus - https://www.securityfocus.com/bid/:
17950| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
17951| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
17952| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
17953| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
17954| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
17955| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
17956| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17957| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
17958| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
17959| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
17960| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
17961| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
17962| [45308] Exim Crafted Header Remote Code Execution Vulnerability
17963| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
17964| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
17965| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
17966| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
17967| [17110] sa-exim Unauthorized File Access Vulnerability
17968| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
17969| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
17970| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
17971| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
17972| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
17973| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
17974| [6314] Exim Internet Mailer Format String Vulnerability
17975| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
17976| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
17977| [2828] Exim Format String Vulnerability
17978| [1859] Exim Buffer Overflow Vulnerability
17979|
17980| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17981| [84758] Exim sender_address parameter command execution
17982| [84015] Exim command execution
17983| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
17984| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
17985| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
17986| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
17987| [67455] Exim DKIM processing code execution
17988| [67299] Exim dkim_exim_verify_finish() format string
17989| [65028] Exim open_log privilege escalation
17990| [63967] Exim config file privilege escalation
17991| [63960] Exim header buffer overflow
17992| [59043] Exim mail directory privilege escalation
17993| [59042] Exim MBX symlink
17994| [52922] ikiwiki teximg plugin information disclosure
17995| [34265] Exim spamd buffer overflow
17996| [25286] Sa-exim greylistclean.cron file deletion
17997| [22687] RHSA-2005:025 updates for exim not installed
17998| [18901] Exim dns_build_reverse buffer overflow
17999| [18764] Exim spa_base64_to_bits function buffer overflow
18000| [18763] Exim host_aton buffer overflow
18001| [16079] Exim require_verify buffer overflow
18002| [16077] Exim header_check_syntax buffer overflow
18003| [16075] Exim sender_verify buffer overflow
18004| [13067] Exim HELO or EHLO command heap overflow
18005| [10761] Exim daemon.c format string
18006| [8194] Exim configuration file -c command-line argument buffer overflow
18007| [7738] Exim allows attacker to hide commands in localhost names using pipes
18008| [6671] Exim "
18009| [1893] Exim MTA allows local users to gain root privileges
18010|
18011| Exploit-DB - https://www.exploit-db.com:
18012| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
18013| [15725] Exim 4.63 Remote Root Exploit
18014| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
18015| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
18016| [796] Exim <= 4.42 Local Root Exploit
18017| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
18018|
18019| OpenVAS (Nessus) - http://www.openvas.org:
18020| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
18021|
18022| SecurityTracker - https://www.securitytracker.com:
18023| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
18024| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
18025| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
18026| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
18027| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
18028| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
18029| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
18030| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
18031| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
18032| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
18033| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
18034| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
18035|
18036| OSVDB - http://www.osvdb.org:
18037| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
18038| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
18039| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
18040| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
18041| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
18042| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
18043| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
18044| [70696] Exim log.c open_log() Function Local Privilege Escalation
18045| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
18046| [69685] Exim string_format Function Remote Overflow
18047| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
18048| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
18049| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
18050| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
18051| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
18052| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
18053| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
18054| [12726] Exim -be Command Line Option host_aton Function Local Overflow
18055| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
18056| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
18057| [10032] libXpm CreateXImage Function Integer Overflow
18058| [7160] Exim .forward :include: Option Privilege Escalation
18059| [6479] Vexim COOKIE Authentication Credential Disclosure
18060| [6478] Vexim Multiple Parameter SQL Injection
18061| [5930] Exim Parenthesis File Name Filter Bypass
18062| [5897] Exim header_syntax Function Remote Overflow
18063| [5896] Exim sender_verify Function Remote Overflow
18064| [5530] Exim Localhost Name Arbitrary Command Execution
18065| [5330] Exim Configuration File Variable Overflow
18066| [1855] Exim Batched SMTP Mail Header Format String
18067|_
993/tcp open imaps?
995/tcp open pop3s?
3306/tcp open mysql MySQL 5.7.29
18071| vulscan: VulDB - https://vuldb.com:
18072| [138098] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Plug-in unknown vulnerability
18073| [138097] Oracle MySQL Server up to 5.7.26/8.0.16 Client programs denial of service
18074| [138094] Oracle MySQL Server up to 5.7.25/8.0.15 Replication denial of service
18075| [138085] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
18076| [138084] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
18077| [138073] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Log denial of service
18078| [138072] Oracle MySQL Server up to 5.7.26/8.0.16 Privileges unknown vulnerability
18079| [138071] Oracle MySQL Server up to 5.7.23 Replication unknown vulnerability
18080| [138069] Oracle MySQL Server up to 5.7.26/8.0.16 InnoDB unknown vulnerability
18081| [138058] Oracle MySQL Server up to 5.7.26/8.0.15 cURL unknown vulnerability
18082| [129647] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
18083| [129646] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
18084| [129644] Oracle MySQL Server up to 5.7.24/8.0.13 Partition denial of service
18085| [129640] Oracle MySQL Server up to 5.7.24/8.0.13 Optimizer denial of service
18086| [129635] Oracle MySQL Server up to 5.7.24/8.0.13 InnoDB denial of service
18087| [129628] Oracle MySQL Server up to 5.7.24/8.0.13 Parser denial of service
18088| [125567] Oracle MySQL Server up to 5.7.23/8.0.12 Logging denial of service
18089| [125566] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18090| [125561] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
18091| [125555] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18092| [125554] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18093| [125553] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18094| [125552] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18095| [125551] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
18096| [125549] Oracle MySQL Server up to 5.7.23/8.0.12 Optimizer denial of service
18097| [125546] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
18098| [125545] Oracle MySQL Server up to 5.7.23/8.0.12 Audit denial of service
18099| [125536] Oracle MySQL Server up to 5.7.23/8.0.12 Parser denial of service
18100| [121797] Oracle MySQL Server up to 5.7.22/8.0.11 Privileges unknown vulnerability
18101| [121792] Oracle MySQL Server up to 5.7.22 DML denial of service
18102| [121789] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
18103| [121788] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
18104| [121786] Oracle MySQL Server up to 5.7.22 Audit Log denial of service
18105| [121779] Oracle MySQL Server up to 5.7.22/8.0.11 DML denial of service
18106| [121778] Oracle MySQL Server up to 5.7.22/8.0.11 InnoDB denial of service
18107| [116759] Oracle MySQL Server up to 5.7.21 Group Replication GCS denial of service
18108| [116758] Oracle MySQL Server up to 5.7.21 Pluggable Auth denial of service
18109| [116757] Oracle MySQL Server up to 5.7.21 Performance Schema denial of service
18110| [116756] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18111| [116754] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18112| [116753] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18113| [116752] Oracle MySQL Server up to 5.7.21 DML denial of service
18114| [116750] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
18115| [116749] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
18116| [116747] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
18117| [116745] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18118| [116743] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
18119| [116740] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18120| [116739] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
18121| [112110] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
18122| [112109] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
18123| [112108] Oracle MySQL Server up to 5.7.20 InnoDB denial of service
18124| [112107] Oracle MySQL Server up to 5.7.20 DML denial of service
18125| [112106] Oracle MySQL Server up to 5.7.20 DML denial of service
18126| [112105] Oracle MySQL Server up to 5.7.20 DML denial of service
18127| [75159] Oracle MySQL up to 5.7.2 SSL Client weak encryption
18128| [108192] Oracle MySQL Server up to 5.7.18 InnoDB denial of service
18129| [108189] Oracle MySQL Server up to 5.7.18 Stored Procedure denial of service
18130| [108188] Oracle MySQL Server up to 5.7.19 Replication denial of service
18131| [108183] Oracle MySQL Server up to 5.7.19 InnoDB denial of service
18132| [108182] Oracle MySQL Server up to 5.7.19 FTS denial of service
18133| [108181] Oracle MySQL Server up to 5.7.18 DML denial of service
18134| [108180] Oracle MySQL Server up to 5.7.19 Group Replication GCS denial of service
18135| [108175] Oracle MySQL Server up to 5.7.19 Optimizer denial of service
18136| [104088] Oracle MySQL Server up to 5.7.18 C API information disclosure
18137| [104081] Oracle MySQL Server up to 5.7.16 X Plugin denial of service
18138| [104080] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
18139| [104079] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
18140| [104078] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
18141| [104077] Oracle MySQL Server up to 5.7.18 DML denial of service
18142| [104076] Oracle MySQL Server up to 5.7.18 DML denial of service
18143| [104074] Oracle MySQL Server up to 5.7.18 DML denial of service
18144| [104073] Oracle MySQL Server up to 5.7.18 DML denial of service
18145| [104072] Oracle MySQL Server up to 5.7.18 X Plugin denial of service
18146| [104071] Oracle MySQL Server up to 5.7.18 UDF denial of service
18147| [100232] Oracle MySQL Server up to 5.7.17 Encryption weak encryption
18148| [100227] Oracle MySQL Server up to 5.7.17 C API information disclosure
18149| [100226] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
18150| [100221] Oracle MySQL Server up to 5.7.17 Optimizer denial of service
18151| [100220] Oracle MySQL Server up to 5.7.17 DML denial of service
18152| [100219] Oracle MySQL Server up to 5.7.17 DML denial of service
18153| [100217] Oracle MySQL Server up to 5.7.17 Audit Plug-in denial of service
18154| [100214] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
18155| [100212] Oracle MySQL Server up to 5.7.17 InnoDB denial of service
18156| [100206] Oracle MySQL Server up to 5.7.17 DML denial of service
18157| [95730] Oracle MySQL Server up to 5.7.16 Encryption weak encryption
18158| [95729] Oracle MySQL Server up to 5.7.16 X Plugin unknown vulnerability
18159| [95719] Oracle MySQL Server up to 5.7.16 Optimizer denial of service
18160| [95716] Oracle MySQL Server up to 5.7.16 Replication denial of service
18161| [95714] Oracle MySQL Server 5.6.34 5.7.16 InnoDB denial of service
18162| [92895] Oracle MySQL Server up to 5.6.31 5.7.13 DML denial of service
18163| [92835] Oracle MySQL Server up to 5.7.13 Audit denial of service
18164| [92834] Oracle MySQL Server up to 5.7.13 RBR denial of service
18165| [92833] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
18166| [92832] Oracle MySQL Server up to 5.7.14 Optimizer denial of service
18167| [92831] Oracle MySQL Server up to 5.7.13 Memcached denial of service
18168| [92829] Oracle MySQL Server up to 5.6.31 5.7.13 InnoDB denial of service
18169| [92828] Oracle MySQL Server up to 5.7.13 InnoDB denial of service
18170| [92826] Oracle MySQL Server up to 5.7.13 DML denial of service
18171| [92821] Oracle MySQL Server up to 5.7.13 Replication denial of service
18172| [92820] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
18173| [92790] Oracle MySQL Server up to 5.7.14 Privileges information disclosure
18174| [90134] Oracle MySQL Server up to 5.7.12 Encryption denial of service
18175| [90133] Oracle MySQL Server up to 5.7.12 Replication denial of service
18176| [90130] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
18177| [90129] Oracle MySQL Server up to 5.7.12 Log denial of service
18178| [90127] Oracle MySQL Server up to 5.7.12 InnoDB denial of service
18179| [90124] Oracle MySQL Server up to 5.7.12 InnoDB memory corruption
18180| [90122] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
18181| [90117] Oracle MySQL Server up to 5.7.11 Optimizer denial of service
18182| [80599] Oracle MySQL Server 5.7.9 Partition denial of service
18183| [80598] Oracle MySQL Server 5.7.9 Optimizer denial of service
18184|
18185| MITRE CVE - https://cve.mitre.org:
18186| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
18187| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
18188| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
18189| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
18190| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
18191| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
18192| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
18193| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
18194| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
18195| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
18196| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
18197| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
18198| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
18199| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
18200| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
18201| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
18202| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
18203| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
18204| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
18205| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
18206| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
18207| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
18208| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
18209| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
18210| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
18211| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
18212| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
18213| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
18214| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
18215| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
18216| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
18217| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
18218| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
18219| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
18220| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
18221| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
18222| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
18223| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
18224| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
18225| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
18226| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
18227| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
18228| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
18229| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
18230| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
18231| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
18232| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
18233| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
18234| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
18235| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
18236| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
18237| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
18238| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
18239| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-4452] MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
| [CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
| [CVE-2010-4700] The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
| [CVE-2010-3064] Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
| [CVE-2010-3063] The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
| [CVE-2010-3062] mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function
| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
| [CVE-2009-2446] Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
| [CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
| [CVE-2008-4098] MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
| [CVE-2008-4097] MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
| [CVE-2008-1486] SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
| [CVE-2007-5646] SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
18361| [CVE-2007-4889] The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
18362| [CVE-2007-3997] The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
18363| [CVE-2007-3782] MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
18364| [CVE-2007-3781] MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
18365| [CVE-2007-3780] MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
18366| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
18367| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
18368| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
18369| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
18370| [CVE-2007-1420] MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
18371| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
18372| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
18373| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
18374| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
18375| [CVE-2006-4031] MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
18376| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
18377| [CVE-2006-3469] Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
18378| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
18379| [CVE-2006-2753] SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
18380| [CVE-2006-1518] Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
18381| [CVE-2006-1517] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
18382| [CVE-2006-1516] The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
18383| [CVE-2006-0903] MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
18384| [CVE-2006-0369] ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views
18385| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
18386| [CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
18387| [CVE-2005-2558] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
18388| [CVE-2005-1636] mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
18389| [CVE-2005-0004] The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
18390| [CVE-2004-0835] MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
18391| [CVE-2004-0628] Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
18392| [CVE-2004-0627] The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
18393|
18394| SecurityFocus - https://www.securityfocus.com/bid/:
18395| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
18396| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
18397| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
18398| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
18399| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
18400| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
18401| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
18402| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
18403| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
18404| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
18405| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
18406|
18407| IBM X-Force - https://exchange.xforce.ibmcloud.com:
18408| [85724] Oracle MySQL Server XA Transactions denial of service
18409| [85723] Oracle MySQL Server Server Replication denial of service
18410| [85722] Oracle MySQL Server InnoDB denial of service
18411| [85721] Oracle MySQL Server Server Privileges unspecified
18412| [85720] Oracle MySQL Server Server Partition denial of service
18413| [85719] Oracle MySQL Server Server Parser denial of service
18414| [85718] Oracle MySQL Server Server Options denial of service
18415| [85717] Oracle MySQL Server Server Options denial of service
18416| [85716] Oracle MySQL Server Server Optimizer denial of service
18417| [85715] Oracle MySQL Server Server Optimizer denial of service
18418| [85714] Oracle MySQL Server Prepared Statements denial of service
18419| [85713] Oracle MySQL Server InnoDB denial of service
18420| [85712] Oracle MySQL Server Full Text Search denial of service
18421| [85711] Oracle MySQL Server Data Manipulation Language denial of service
18422| [85710] Oracle MySQL Server Data Manipulation Language denial of service
18423| [85709] Oracle MySQL Server Audit Log unspecified
18424| [85708] Oracle MySQL Server MemCached unspecified
18425| [84846] Debian mysql-server package information disclosure
18426| [84375] Wireshark MySQL dissector denial of service
18427| [83554] Oracle MySQL Server Server Partition denial of service
18428| [83553] Oracle MySQL Server Server Locking denial of service
18429| [83552] Oracle MySQL Server Server Install unspecified
18430| [83551] Oracle MySQL Server Server Types denial of service
18431| [83550] Oracle MySQL Server Server Privileges unspecified
18432| [83549] Oracle MySQL Server InnoDB denial of service
18433| [83548] Oracle MySQL Server InnoDB denial of service
18434| [83547] Oracle MySQL Server Data Manipulation Language denial of service
18435| [83546] Oracle MySQL Server Stored Procedure denial of service
18436| [83545] Oracle MySQL Server Server Replication denial of service
18437| [83544] Oracle MySQL Server Server Partition denial of service
18438| [83543] Oracle MySQL Server Server Optimizer denial of service
18439| [83542] Oracle MySQL Server InnoDB denial of service
18440| [83541] Oracle MySQL Server Information Schema denial of service
18441| [83540] Oracle MySQL Server Data Manipulation Language denial of service
18442| [83539] Oracle MySQL Server Data Manipulation Language denial of service
18443| [83538] Oracle MySQL Server Server Optimizer unspecified
18444| [83537] Oracle MySQL Server MemCached denial of service
18445| [83536] Oracle MySQL Server Server Privileges unspecified
18446| [83535] Oracle MySQL Server Server Privileges unspecified
18447| [83534] Oracle MySQL Server Server unspecified
18448| [83533] Oracle MySQL Server Information Schema unspecified
18449| [83532] Oracle MySQL Server Server Locking unspecified
18450| [83531] Oracle MySQL Server Data Manipulation Language denial of service
18451| [83388] MySQL administrative login attempt detected
18452| [82963] Mambo MySQL database information disclosure
18453| [82946] Oracle MySQL buffer overflow
18454| [82945] Oracle MySQL buffer overflow
18455| [82895] Oracle MySQL and MariaDB geometry queries denial of service
18456| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
18457| [81325] Oracle MySQL Server Server Privileges denial of service
18458| [81324] Oracle MySQL Server Server Partition denial of service
18459| [81323] Oracle MySQL Server Server Optimizer denial of service
18460| [81322] Oracle MySQL Server Server Optimizer denial of service
18461| [81321] Oracle MySQL Server Server denial of service
18462| [81320] Oracle MySQL Server MyISAM denial of service
18463| [81319] Oracle MySQL Server InnoDB denial of service
18464| [81318] Oracle MySQL Server InnoDB denial of service
18465| [81317] Oracle MySQL Server Server Locking denial of service
18466| [81316] Oracle MySQL Server Server denial of service
18467| [81315] Oracle MySQL Server Server Replication unspecified
18468| [81314] Oracle MySQL Server Server Replication unspecified
18469| [81313] Oracle MySQL Server Stored Procedure denial of service
18470| [81312] Oracle MySQL Server Server Optimizer denial of service
18471| [81311] Oracle MySQL Server Information Schema denial of service
18472| [81310] Oracle MySQL Server GIS Extension denial of service
18473| [80790] Oracle MySQL yaSSL buffer overflow
18474| [80553] Oracle MySQL and MariaDB salt security bypass
18475| [80443] Oracle MySQL Server unspecified code execution
18476| [80442] Oracle MySQL Server acl_get() buffer overflow
18477| [80440] Oracle MySQL Server table buffer overflow
18478| [80435] Oracle MySQL Server database privilege escalation
18479| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
18480| [80433] Oracle MySQL Server Stuxnet privilege escalation
18481| [80432] Oracle MySQL Server authentication information disclosure
18482| [79394] Oracle MySQL Server Server Installation information disclosure
18483| [79393] Oracle MySQL Server Server Replication denial of service
18484| [79392] Oracle MySQL Server Server Full Text Search denial of service
18485| [79391] Oracle MySQL Server Server denial of service
18486| [79390] Oracle MySQL Server Client information disclosure
18487| [79389] Oracle MySQL Server Server Optimizer denial of service
18488| [79388] Oracle MySQL Server Server Optimizer denial of service
18489| [79387] Oracle MySQL Server Server denial of service
18490| [79386] Oracle MySQL Server InnoDB Plugin denial of service
18491| [79385] Oracle MySQL Server InnoDB denial of service
18492| [79384] Oracle MySQL Server Client unspecified
18493| [79383] Oracle MySQL Server Server denial of service
18494| [79382] Oracle MySQL Server Protocol unspecified
18495| [79381] Oracle MySQL Server Information Schema unspecified
18496| [78954] SilverStripe MySQLDatabase.php information disclosure
18497| [78948] MySQL MyISAM table symlink
18498| [77865] MySQL unknown vuln
18499| [77864] MySQL sort order denial of service
18500| [77768] MySQLDumper refresh_dblist.php information disclosure
18501| [77177] MySQL Squid Access Report unspecified cross-site scripting
18502| [77065] Oracle MySQL Server Optimizer denial of service
18503| [77064] Oracle MySQL Server Optimizer denial of service
18504| [77063] Oracle MySQL Server denial of service
18505| [77062] Oracle MySQL InnoDB denial of service
18506| [77061] Oracle MySQL GIS Extension denial of service
18507| [77060] Oracle MySQL Server Optimizer denial of service
18508| [76189] MySQL unspecified error
18509| [76188] MySQL attempts security bypass
18510| [75287] MySQLDumper restore.php information disclosure
18511| [75286] MySQLDumper filemanagement.php directory traversal
18512| [75285] MySQLDumper main.php cross-site request forgery
18513| [75284] MySQLDumper install.php cross-site scripting
18514| [75283] MySQLDumper install.php file include
18515| [75282] MySQLDumper menu.php code execution
18516| [75022] Oracle MySQL Server Server Optimizer denial of service
18517| [75021] Oracle MySQL Server Server Optimizer denial of service
18518| [75020] Oracle MySQL Server Server DML denial of service
18519| [75019] Oracle MySQL Server Partition denial of service
18520| [75018] Oracle MySQL Server MyISAM denial of service
18521| [75017] Oracle MySQL Server Server Optimizer denial of service
18522| [74672] Oracle MySQL Server multiple unspecified
18523| [73092] MySQL unspecified code execution
18524| [72540] Oracle MySQL Server denial of service
18525| [72539] Oracle MySQL Server unspecified
18526| [72538] Oracle MySQL Server denial of service
18527| [72537] Oracle MySQL Server denial of service
18528| [72536] Oracle MySQL Server unspecified
18529| [72535] Oracle MySQL Server denial of service
18530| [72534] Oracle MySQL Server denial of service
18531| [72533] Oracle MySQL Server denial of service
18532| [72532] Oracle MySQL Server denial of service
18533| [72531] Oracle MySQL Server denial of service
18534| [72530] Oracle MySQL Server denial of service
18535| [72529] Oracle MySQL Server denial of service
18536| [72528] Oracle MySQL Server denial of service
18537| [72527] Oracle MySQL Server denial of service
18538| [72526] Oracle MySQL Server denial of service
18539| [72525] Oracle MySQL Server information disclosure
18540| [72524] Oracle MySQL Server denial of service
18541| [72523] Oracle MySQL Server denial of service
18542| [72522] Oracle MySQL Server denial of service
18543| [72521] Oracle MySQL Server denial of service
18544| [72520] Oracle MySQL Server denial of service
18545| [72519] Oracle MySQL Server denial of service
18546| [72518] Oracle MySQL Server unspecified
18547| [72517] Oracle MySQL Server unspecified
18548| [72516] Oracle MySQL Server unspecified
18549| [72515] Oracle MySQL Server denial of service
18550| [72514] Oracle MySQL Server unspecified
18551| [71965] MySQL port denial of service
18552| [70680] DBD::mysqlPP unspecified SQL injection
18553| [70370] TaskFreak! multi-mysql unspecified path disclosure
18554| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
18555| [68294] MySQLDriverCS statement.cs sql injection
18556| [68175] Prosody MySQL denial of service
18557| [67539] Zend Framework MySQL PDO security bypass
18558| [67254] DirectAdmin MySQL information disclosure
18559| [66567] Xoops mysql.sql information disclosure
18560| [65871] PyWebDAV MySQLAuthHandler class SQL injection
18561| [65543] MySQL Select Arbitrary data into a File
18562| [65529] MySQL Eventum full_name field cross-site scripting
18563| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
18564| [65379] Oracle MySQL Eventum list.php cross-site scripting
18565| [65266] Accellion File Transfer Appliance MySQL default password
18566| [64878] MySQL Geometry denial of service
18567| [64877] MySQL EXPLAIN EXTENDED denial of service
18568| [64876] MySQL prepared statement denial of service
18569| [64845] MySQL extreme-value denial of service
18570| [64844] MySQL Gis_line_string::init_from_wkb denial of service
18571| [64843] MySQL user-variable denial of service
18572| [64842] MySQL view preparation denial of service
18573| [64841] MySQL prepared statement denial of service
18574| [64840] MySQL LONGBLOB denial of service
18575| [64839] MySQL invocations denial of service
18576| [64838] MySQL Gis_line_string::init_from_wkb denial of service
18577| [64689] MySQL dict0crea.c denial of service
18578| [64688] MySQL SET column denial of service
18579| [64687] MySQL BINLOG command denial of service
18580| [64686] MySQL InnoDB denial of service
18581| [64685] MySQL HANDLER interface denial of service
18582| [64684] MySQL Item_singlerow_subselect::store denial of service
18583| [64683] MySQL OK packet denial of service
18584| [63518] MySQL Query Browser GUI Tools information disclosure
18585| [63517] MySQL Administrator GUI Tools information disclosure
18586| [62272] MySQL PolyFromWKB() denial of service
18587| [62269] MySQL LIKE predicates denial of service
18588| [62268] MySQL joins denial of service
18589| [62267] MySQL GREATEST() or LEAST() denial of service
18590| [62266] MySQL GROUP_CONCAT() denial of service
18591| [62265] MySQL expression values denial of service
18592| [62264] MySQL temporary table denial of service
18593| [62263] MySQL LEAST() or GREATEST() denial of service
18594| [62262] MySQL replication privilege escalation
18595| [61739] MySQL WITH ROLLUP denial of service
18596| [61343] MySQL LOAD DATA INFILE denial of service
18597| [61342] MySQL EXPLAIN denial of service
18598| [61341] MySQL HANDLER denial of service
18599| [61340] MySQL BINLOG denial of service
18600| [61339] MySQL IN() or CASE denial of service
18601| [61338] MySQL SET denial of service
18602| [61337] MySQL DDL denial of service
18603| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
18604| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
18605| [61316] PHP php_mysqlnd_auth_write buffer overflow
18606| [61274] MySQL TEMPORARY InnoDB denial of service
18607| [59905] MySQL ALTER DATABASE denial of service
18608| [59841] CMySQLite updateUser.php cross-site request forgery
18609| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
18610| [59075] PHP php_mysqlnd_auth_write() buffer overflow
18611| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
18612| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
18613| [59072] PHP php_mysqlnd_ok_read() information disclosure
18614| [58842] MySQL DROP TABLE file deletion
18615| [58676] Template Shares MySQL information disclosure
18616| [58531] MySQL COM_FIELD_LIST buffer overflow
18617| [58530] MySQL packet denial of service
18618| [58529] MySQL COM_FIELD_LIST security bypass
18619| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
18620| [57925] MySQL UNINSTALL PLUGIN security bypass
18621| [57006] Quicksilver Forums mysqldump information disclosure
18622| [56800] Employee Timeclock Software mysqldump information disclosure
18623| [56200] Flex MySQL Connector ActionScript SQL injection
18624| [55877] MySQL yaSSL buffer overflow
18625| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
18626| [55416] MySQL unspecified buffer overflow
18627| [55382] Ublog UblogMySQL.sql information disclosure
18628| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
18629| [54597] MySQL sql_table.cc security bypass
18630| [54596] MySQL mysqld denial of service
18631| [54365] MySQL OpenSSL security bypass
18632| [54364] MySQL MyISAM table symlink
18633| [53950] The mysql-ocaml mysql_real_escape_string weak security
18634| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
18635| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
18636| [52660] iScouter PHP Web Portal MySQL Password Retrieval
18637| [52220] aa33code mysql.inc information disclosure
18638| [52122] MySQL Connector/J unicode SQL injection
18639| [51614] MySQL dispatch_command() denial of service
18640| [51406] MySQL Connector/NET SSL spoofing
18641| [49202] MySQL UDF command execution
18642| [49050] MySQL XPath denial of service
18643| [48919] Cisco Application Networking Manager MySQL default account password
18644| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
18645| [47544] MySQL Calendar index.php SQL injection
18646| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
18647| [45649] MySQL MyISAM symlink security bypass
18648| [45648] MySQL MyISAM symlinks security bypass
18649| [45607] MySQL Quick Admin actions.php file include
18650| [45606] MySQL Quick Admin index.php file include
18651| [45590] MySQL command-line client cross-site scripting
18652| [45436] PromoteWeb MySQL go.php SQL injection
18653| [45042] MySQL empty bit-string literal denial of service
18654| [44662] mysql-lists unspecified cross-site scripting
18655| [42267] MySQL MyISAM security bypass
18656| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
18657| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
18658| [40920] MySQL sql_select.cc denial of service
18659| [40734] MySQL Server BINLOG privilege escalation
18660| [40350] MySQL password information disclosure
18661| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
18662| [39402] PHP LOCAL INFILE and MySQL extension security bypass
18663| [38999] aurora framework db_mysql.lib SQL injection
18664| [38990] MySQL federated engine denial of service
18665| [38989] MySQL DEFINER value privilege escalation
18666| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
18667| [38964] MySQL RENAME TABLE symlink
18668| [38733] ManageEngine EventLog Analyzer MySQL default password
18669| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
18670| [38189] MySQL default root password
18671| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
18672| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
18673| [36555] PHP MySQL extension multiple functions security bypass
18674| [35960] MySQL view privilege escalation
18675| [35959] MySQL CREATE TABLE LIKE information disclosure
18676| [35958] MySQL connection protocol denial of service
18677| [35291] MySQLDumper main.php security bypass
18678| [34811] MySQL udf_init and mysql_create_function command execution
18679| [34809] MySQL mysql_update privilege escalation
18680| [34349] MySQL ALTER information disclosure
18681| [34348] MySQL mysql_change_db privilege escalation
18682| [34347] MySQL RENAME TABLE weak security
18683| [34232] MySQL IF clause denial of service
18684| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
18685| [33285] Eve-Nuke mysql.php file include
18686| [32957] MySQL Commander dbopen.php file include
18687| [32933] cPanel load_language.php and mysqlconfig.php file include
18688| [32911] MySQL filesort function denial of service
18689| [32462] cPanel passwdmysql cross-site scripting
18690| [32288] RHSA-2006:0544 updates for mysql not installed
18691| [32266] MySQLNewsEngine affichearticles.php3 file include
18692| [31244] The Address Book MySQL export.php password information disclosure
18693| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
18694| [30760] BTSaveMySql URL file disclosure
18695| [30191] StoryStream mysql.php and mysqli.php file include
18696| [30085] MySQL MS-DOS device name denial of service
18697| [30031] Agora MysqlfinderAdmin.php file include
18698| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
18699| [29179] paBugs class.mysql.php file include
18700| [29120] ZoomStats MySQL file include
18701| [28448] MySQL case sensitive database name privilege escalation
18702| [28442] MySQL GRANT EXECUTE privilege escalation
18703| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
18704| [28202] MySQL multiupdate subselect query denial of service
18705| [28180] MySQL MERGE table security bypass
18706| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
18707| [27995] Opsware Network Automation System MySQL plaintext password
18708| [27904] MySQL date_format() format string
18709| [27635] MySQL Instance Manager denial of service
18710| [27212] MySQL SELECT str_to_date denial of service
18711| [26875] MySQL ASCII escaping SQL injection
18712| [26420] Apple Mac OS X MySQL Manager blank password
18713| [26236] MySQL login packet information disclosure
18714| [26232] MySQL COM_TABLE_DUMP buffer overflow
18715| [26228] MySQL sql_parce.cc information disclosure
18716| [26042] MySQL running
18717| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
18718| [24966] MySQL mysql_real_query logging bypass
18719| [24653] PAM-MySQL logging function denial of service
18720| [24652] PAM-MySQL authentication double free code execution
18721| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
18722| [24095] PHP ext/mysqli exception handling format string
18723| [23990] PHP mysql_connect() buffer overflow
18724| [23596] MySQL Auction search module could allow cross-site scripting
18725| [22642] RHSA-2005:334 updates for mysql not installed
18726| [21757] MySQL UDF library functions command execution
18727| [21756] MySQL LoadLibraryEx function denial of service
18728| [21738] MySQL UDF mysql_create_function function directory traversal
18729| [21737] MySQL user defined function buffer overflow
18730| [21640] MySQL Eventum multiple class SQL injection
18731| [21638] MySQL Eventum multiple scripts cross-site scripting
18732| [20984] xmysqladmin temporary file symlink
18733| [20656] MySQL mysql_install_db script symlink
18734| [20333] Plans MySQL password information disclosure
18735| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
18736| [19658] MySQL udf_init function gain access
18737| [19576] auraCMS mysql_fetch_row function path disclosure
18738| [18922] MySQL mysqlaccess script symlink attack
18739| [18824] MySQL UDF root privileges
18740| [18464] mysql_auth unspecified vulnerability
18741| [18449] Sugar Sales plaintext MySQL password
18742| [17783] MySQL underscore allows elevated privileges
18743| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
18744| [17667] MySQL UNION change denial of service
18745| [17666] MySQL ALTER TABLE RENAME bypass restriction
18746| [17493] MySQL libmysqlclient bulk inserts buffer overflow
18747| [17462] MySQLGuest AWSguest.php script cross-site scripting
18748| [17047] MySQL mysql_real_connect buffer overflow
18749| [17030] MySQL mysqlhotcopy insecure temporary file
18750| [16612] MySQL my_rnd buffer overflow
18751| [16604] MySQL check_scramble_323 function allows unauthorized access
18752| [15883] MySQL mysqld_multi script symlink attack
18753| [15617] MySQL mysqlbug script symlink attack
18754| [15417] Confixx db_mysql_loeschen2.php SQL injection
18755| [15280] Proofpoint Protection Server MySQL allows unauthorized access
18756| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
18757| [13153] MySQL long password buffer overflow
18758| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
18759| [12540] Teapop PostSQL and MySQL modules SQL injection
18760| [12337] MySQL mysql_real_connect function buffer overflow
18761| [11510] MySQL datadir/my.cnf modification could allow root privileges
18762| [11493] mysqlcc configuration and connection files are world writable
18763| [11340] SuckBot mod_mysql_logger denial of service
18764| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
18765| [10850] MySQL libmysql client read_one_row buffer overflow
18766| [10849] MySQL libmysql client read_rows buffer overflow
18767| [10848] MySQL COM_CHANGE_USER password buffer overflow
18768| [10847] MySQL COM_CHANGE_USER command password authentication bypass
18769| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
18770| [10483] Bugzilla stores passwords in plain text in the MySQL database
18771| [10455] gBook MySQL could allow administrative access
18772| [10243] MySQL my.ini "
18773| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
18774| [9909] MySQL logging disabled by default on Windows
18775| [9908] MySQL binding to the loopback adapter is disabled
18776| [9902] MySQL default root password could allow unauthorized access
18777| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
18778| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
18779| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
18780| [7206] WinMySQLadmin stores MySQL password in plain text
18781| [6617] MySQL "
18782| [6419] MySQL drop database command buffer overflow
18783| [6418] MySQL libmysqlclient.so buffer overflow
18784| [5969] MySQL select buffer overflow
18785| [5447] pam_mysql authentication input
18786| [5409] MySQL authentication algorithm obtain password hash
18787| [5057] PCCS MySQL Database Admin Tool could reveal username and password
18788| [4228] MySQL unauthenticated remote access
18789| [3849] MySQL default test account could allow any user to connect to the database
18790| [1568] MySQL creates readable log files
18791|
18792| Exploit-DB - https://www.exploit-db.com:
18793| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
18794| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
18795| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
18796| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
18797| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
18798| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
18799| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
18800| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
18801| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
18802| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
18803| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
18804| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
18805| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
18806|
18807| OpenVAS (Nessus) - http://www.openvas.org:
18808| [53251] Debian Security Advisory DSA 562-1 (mysql)
18809| [53230] Debian Security Advisory DSA 540-1 (mysql)
18810|
18811| SecurityTracker - https://www.securitytracker.com:
18812| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
18813| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
18814| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
18815| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
18816| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
18817| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
18818| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
18819| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
18820| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
18821| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
18822| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
18823| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
18824| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
18825| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
18826| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
18827| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
18828| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
18829| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
18830| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
18831| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
18832| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
18833| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
18834| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
18835| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
18836| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
18837| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
18838| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
18839| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
18840| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
18841| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
18842| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
18843| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
18844| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
18845| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
18846| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
18847| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
18848| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
18849| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
18850| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
18851| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
18852| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
18853| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
18854| [1016790] MySQL Replication Error Lets Local Users Deny Service
18855| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
18856| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
18857| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
18858| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
18859| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
18860| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
18861| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
18862| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
18863| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
18864| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
18865| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
18866| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
18867| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
18868| [1014172] xMySQLadmin Lets Local Users Delete Files
18869| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
18870| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
18871| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
18872| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
18873| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
18874| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
18875| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
18876| [1012500] mysql_auth Memory Leak Has Unspecified Impact
18877| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
18878| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
18879| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
18880| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
18881| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
18882| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
18883| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
18884| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
18885| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
18886| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
18887| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
18888| [1007518] DWebPro Discloses MySQL Database Password to Local Users
18889| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
18890| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
18891| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
18892| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
18893| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
18894| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
18895| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
18896| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
18897| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
18898| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
18899| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
18900| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
18901| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
18902|
18903| OSVDB - http://www.osvdb.org:
18904| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
18905| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
18906| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
18907| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
18908| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
18909| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
18910| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
18911| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
18912| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
18913| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
18914| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
18915| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
18916| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
18917| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
18918| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
18919| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
18920| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
18921| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
18922| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
18923| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
18924| [93174] MySQL Crafted Derived Table Handling DoS
18925| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
18926| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
18927| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
18928| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
18929| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
18930| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
18931| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
18932| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
18933| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
18934| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
18935| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
18936| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
18937| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
18938| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
18939| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
18940| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
18941| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
18942| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
18943| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
18944| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
18945| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
18946| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
18947| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
18948| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
18949| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
18950| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
18951| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
18952| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
18953| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
18954| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
18955| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
18956| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
18957| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
18958| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
18959| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
18960| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
18961| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
18962| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
18963| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
18964| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
18965| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
18966| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
18967| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
18968| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
18969| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
18970| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
18971| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
18972| [89042] ViciBox Server MySQL cron Service Default Credentials
18973| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
18974| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
18975| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
18976| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
18977| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
18978| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
18979| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
18980| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
18981| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
18982| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
18983| [87480] MySQL Malformed XML Comment Handling DoS
18984| [87466] MySQL SSL Certificate Revocation Weakness
18985| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
18986| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
18987| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
18988| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
18989| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
18990| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
18991| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
18992| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
18993| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
18994| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
18995| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
18996| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
18997| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
18998| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
18999| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
19000| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
19001| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
19002| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
19003| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
19004| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
19005| [84719] MySQLDumper index.php page Parameter XSS
19006| [84680] MySQL Squid Access Report access.log File Path XSS
19007| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
19008| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
19009| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
19010| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
19011| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
19012| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
19013| [83661] Oracle MySQL Unspecified Issue (59533)
19014| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
19015| [82803] Oracle MySQL Unspecified Issue (59387)
19016| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
19017| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
19018| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
19019| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
19020| [81614] MySQLDumper File Upload PHP Code Execution
19021| [81613] MySQLDumper main.php Multiple Function CSRF
19022| [81612] MySQLDumper restore.php filename Parameter XSS
19023| [81611] MySQLDumper sql.php Multiple Parameter XSS
19024| [81610] MySQLDumper install.php Multiple Parameter XSS
19025| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
19026| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
19027| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
19028| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
19029| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
19030| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
19031| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
19032| [81059] Oracle MySQL Server Multiple Unspecified Issues
19033| [79038] Webmin Process Listing MySQL Password Local Disclosure
19034| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
19035| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
19036| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
19037| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
19038| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
19039| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
19040| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
19041| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
19042| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
19043| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
19044| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
19045| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
19046| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
19047| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
19048| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
19049| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
19050| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
19051| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
19052| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
19053| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
19054| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
19055| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
19056| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
19057| [78375] Oracle MySQL Server Unspecified Local DoS
19058| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
19059| [78373] Oracle MySQL Server Unspecified Local Issue
19060| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
19061| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
19062| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
19063| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
19064| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
19065| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
19066| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
19067| [77040] DBD::mysqlPP Unspecified SQL Injection
19068| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
19069| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
19070| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
19071| [73387] Zend Framework PDO_MySql Character Set Security Bypass
19072| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
19073| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
19074| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
19075| [71368] Accellion File Transfer Appliance Weak MySQL root Password
19076| [70967] MySQL Eventum Admin User Creation CSRF
19077| [70966] MySQL Eventum preferences.php full_name Parameter XSS
19078| [70961] MySQL Eventum list.php Multiple Parameter XSS
19079| [70960] MySQL Eventum forgot_password.php URI XSS
19080| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
19081| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
19082| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
19083| [69395] MySQL Derived Table Grouping DoS
19084| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
19085| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
19086| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
19087| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
19088| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
19089| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
19090| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
19091| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
19092| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
19093| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
19094| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
19095| [68996] MySQL EXPLAIN EXTENDED Statement DoS
Service Info: Host: hiram04.glofal.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
######################################################################################################################################
[+] URL: https://www.glofal.com/
[+] Started: Fri Feb 21 11:29:28 2020

Interesting Finding(s):

[+] https://www.glofal.com/
 | Interesting Entries:
 | - Server: Apache
 | - X-UA-Compatible: IE=edge,chrome=1
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://www.glofal.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] https://www.glofal.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] https://www.glofal.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: https://www.glofal.com/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] https://www.glofal.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
 | Found By: Rss Generator (Passive Detection)
 | - https://www.glofal.com/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
 | - https://www.glofal.com/comments/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>

[+] WordPress theme in use: everything
 | Location: https://www.glofal.com/wp-content/themes/everything/
 | Style URL: https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2
 | Style Name: Everything
 | Style URI: https://themes.webberwebber.com/everything/
 | Description: Everything is a responsive, Retina-ready, premium WordPress theme....
 | Author: Webber & Webber
 | Author URI: https://webberwebber.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 | Confirmed By: Css Style In 404 Page (Passive Detection)
 |
 | Version: 4.8 (80% confidence)
 | Found By: Style (Passive Detection)
 | - https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2, Match: 'Version: 4.8'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] captcha
 | Location: https://www.glofal.com/wp-content/plugins/captcha/
 | Latest Version: 4.4.4 (up to date)
 | Last Updated: 2017-12-06T14:51:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 4.4.5 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/captcha/css/front_end_style.css?ver=4.4.5
 | - https://www.glofal.com/wp-content/plugins/captcha/css/desktop_style.css?ver=4.4.5
 | Confirmed By:
 | Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/captcha/readme.txt
 | Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/captcha/readme.txt

[+] contact-form-7
 | Location: https://www.glofal.com/wp-content/plugins/contact-form-7/
 | Latest Version: 5.1.6 (up to date)
 | Last Updated: 2019-11-30T13:01:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 5.1.6 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6
 | - https://www.glofal.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
 | Confirmed By:
 | Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/contact-form-7/readme.txt
 | Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/contact-form-7/readme.txt

[+] LayerSlider
 | Location: https://www.glofal.com/wp-content/plugins/LayerSlider/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By:
 | Urls In 404 Page (Passive Detection)
 | Meta Generator (Passive Detection)
 |
 | Version: 6.7.6 (70% confidence)
 | Found By: Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.7.6
 | Confirmed By: Meta Generator (Passive Detection)
 | - https://www.glofal.com/, Match: 'Powered by LayerSlider 6.7.6 -'

[+] masterslider
 | Location: https://www.glofal.com/wp-content/plugins/masterslider/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 3.2.14 (80% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/masterslider/README.txt

[+] our-team-enhanced
 | Location: https://www.glofal.com/wp-content/plugins/our-team-enhanced/
 | Last Updated: 2018-08-10T16:15:00.000Z
 | [!] The version is out of date, the latest version is 4.4.2
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 2.41 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/our-team-enhanced/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/our-team-enhanced/readme.txt

[+] revslider
 | Location: https://www.glofal.com/wp-content/plugins/revslider/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By:
 | Urls In 404 Page (Passive Detection)
 | Meta Generator (Passive Detection)
 |
 | Version: 5.4.8.3 (100% confidence)
 | Found By: Meta Generator (Passive Detection)
 | - https://www.glofal.com/, Match: 'Powered by Slider Revolution 5.4.8.3'
 | Confirmed By:
 | Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
 | - https://www.glofal.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3
 | - https://www.glofal.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3
 | Release Log (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/revslider/release_log.html, Match: 'Version 5.4.8.3 StarPath (26th February 2019)'

[+] smartcat_our_team
 | Location: https://www.glofal.com/wp-content/plugins/smartcat_our_team/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | The version could not be determined.

[+] testimonials-reviews-showcase
 | Location: https://www.glofal.com/wp-content/plugins/testimonials-reviews-showcase/
 | Last Updated: 2015-09-22T05:29:00.000Z
 | [!] The version is out of date, the latest version is 1.2
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.1 (80% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/testimonials-reviews-showcase/readme.txt

[+] woocommerce
 | Location: https://www.glofal.com/wp-content/plugins/woocommerce/
 | Latest Version: 3.9.2 (up to date)
 | Last Updated: 2020-02-13T16:59:00.000Z
 |
 | Found By: Meta Generator (Passive Detection)
 |
 | Version: 3.9.2 (100% confidence)
 | Found By: Meta Generator (Passive Detection)
 | - https://www.glofal.com/, Match: 'WooCommerce 3.9.2'
 | Confirmed By:
 | Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/woocommerce/readme.txt
 | Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/woocommerce/readme.txt

[+] wp-google-map-plugin
 | Location: https://www.glofal.com/wp-content/plugins/wp-google-map-plugin/
 | Latest Version: 4.1.2 (up to date)
 | Last Updated: 2020-02-20T06:09:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 4.1.2 (50% confidence)
 | Found By: Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wp-google-map-plugin/readme.txt

[+] wp-user-manager
 | Location: https://www.glofal.com/wp-content/plugins/wp-user-manager/
 | Latest Version: 2.2.3 (up to date)
 | Last Updated: 2020-02-03T08:14:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 2.2.3 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/wp-user-manager/assets/css/wpum.min.css?ver=2.2.3
 | Confirmed By:
 | Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wp-user-manager/readme.txt
 | Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wp-user-manager/readme.txt

[+] wptables
 | Location: https://www.glofal.com/wp-content/plugins/wptables/
 | Latest Version: 1.3.9 (up to date)
 | Last Updated: 2018-02-11T12:01:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.3.9 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 | - https://www.glofal.com/wp-content/plugins/wptables/build/css/wptables.min.css?ver=1.3.9
 | - https://www.glofal.com/wp-content/plugins/wptables/build/js/wptables.min.js?ver=1.3.9
 | Confirmed By:
 | Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wptables/README.txt
 | Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wptables/README.txt

[+] wpum-woocommerce
 | Location: https://www.glofal.com/wp-content/plugins/wpum-woocommerce/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.0.2 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wpum-woocommerce/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 | - https://www.glofal.com/wp-content/plugins/wpum-woocommerce/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:05 <=============> (21 / 21) 100.00% Time: 00:00:05

[i] No Config Backups Found.

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up

[+] Finished: Fri Feb 21 11:30:17 2020
[+] Requests Done: 78
[+] Cached Requests: 24
[+] Data Sent: 16.107 KB
[+] Data Received: 517.933 KB
[+] Memory used: 180.805 MB
[+] Elapsed time: 00:00:48
######################################################################################################################################
[+] URL: https://www.glofal.com/
[+] Started: Fri Feb 21 11:29:21 2020

Interesting Finding(s):

[+] https://www.glofal.com/
 | Interesting Entries:
 | - Server: Apache
 | - X-UA-Compatible: IE=edge,chrome=1
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://www.glofal.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] https://www.glofal.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
19676 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
19677 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
19678 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
19679
19680[+] https://www.glofal.com/readme.html
19681 | Found By: Direct Access (Aggressive Detection)
19682 | Confidence: 100%
19683
19684[+] Upload directory has listing enabled: https://www.glofal.com/wp-content/uploads/
19685 | Found By: Direct Access (Aggressive Detection)
19686 | Confidence: 100%
19687
19688[+] https://www.glofal.com/wp-cron.php
19689 | Found By: Direct Access (Aggressive Detection)
19690 | Confidence: 60%
19691 | References:
19692 | - https://www.iplocation.net/defend-wordpress-from-ddos
19693 | - https://github.com/wpscanteam/wpscan/issues/1299
19694
19695[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
19696 | Found By: Rss Generator (Passive Detection)
19697 | - https://www.glofal.com/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
19698 | - https://www.glofal.com/comments/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
19699
19700[+] WordPress theme in use: everything
19701 | Location: https://www.glofal.com/wp-content/themes/everything/
19702 | Style URL: https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2
19703 | Style Name: Everything
19704 | Style URI: https://themes.webberwebber.com/everything/
19705 | Description: Everything is a responsive, Retina-ready, premium WordPress theme....
19706 | Author: Webber & Webber
19707 | Author URI: https://webberwebber.com/
19708 |
19709 | Found By: Css Style In Homepage (Passive Detection)
19710 | Confirmed By: Css Style In 404 Page (Passive Detection)
19711 |
19712 | Version: 4.8 (80% confidence)
19713 | Found By: Style (Passive Detection)
19714 | - https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2, Match: 'Version: 4.8'
19715
19716[+] Enumerating Users (via Passive and Aggressive Methods)
19717 Brute Forcing Author IDs - Time: 00:00:12 <==> (10 / 10) 100.00% Time: 00:00:12
19718
19719[i] User(s) Identified:
19720
19721[+] Joel Bryant
19722 | Found By: Rss Generator (Passive Detection)
19723 | Confirmed By: Rss Generator (Aggressive Detection)
19724
19725[+] Ross Jackson
19726 | Found By: Rss Generator (Passive Detection)
19727 | Confirmed By: Rss Generator (Aggressive Detection)
19728
19729[+] joel
19730 | Found By: Wp Json Api (Aggressive Detection)
19731 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19732 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19733
19734[+] ross
19735 | Found By: Wp Json Api (Aggressive Detection)
19736 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19737 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19738
19739[+] webmaster
19740 | Found By: Wp Json Api (Aggressive Detection)
19741 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19742 | Confirmed By:
19743 | Oembed API - Author URL (Aggressive Detection)
19744 | - https://www.glofal.com/wp-json/oembed/1.0/embed?url=https://www.glofal.com/&format=json
19745 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19746
19747[+] andrew
19748 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19749
19750[+] chris
19751 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19752
19753[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
19754[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
19755
19756[+] Finished: Fri Feb 21 11:30:12 2020
19757[+] Requests Done: 64
19758[+] Cached Requests: 8
19759[+] Data Sent: 13.426 KB
19760[+] Data Received: 10.833 MB
19761[+] Memory used: 177.113 MB
19762[+] Elapsed time: 00:00:50
19763#######################################################################################################################################
19764[+] URL: https://www.glofal.com/
19765[+] Started: Fri Feb 21 11:35:14 2020
19766
19767Interesting Finding(s):
19768
19769[+] https://www.glofal.com/
19770 | Interesting Entries:
19771 | - Server: Apache
19772 | - X-UA-Compatible: IE=edge,chrome=1
19773 | Found By: Headers (Passive Detection)
19774 | Confidence: 100%
19775
19776[+] https://www.glofal.com/robots.txt
19777 | Found By: Robots Txt (Aggressive Detection)
19778 | Confidence: 100%
19779
19780[+] https://www.glofal.com/xmlrpc.php
19781 | Found By: Direct Access (Aggressive Detection)
19782 | Confidence: 100%
19783 | References:
19784 | - http://codex.wordpress.org/XML-RPC_Pingback_API
19785 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
19786 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
19787 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
19788 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
19789
19790[+] https://www.glofal.com/readme.html
19791 | Found By: Direct Access (Aggressive Detection)
19792 | Confidence: 100%
19793
19794[+] Upload directory has listing enabled: https://www.glofal.com/wp-content/uploads/
19795 | Found By: Direct Access (Aggressive Detection)
19796 | Confidence: 100%
19797
19798[+] https://www.glofal.com/wp-cron.php
19799 | Found By: Direct Access (Aggressive Detection)
19800 | Confidence: 60%
19801 | References:
19802 | - https://www.iplocation.net/defend-wordpress-from-ddos
19803 | - https://github.com/wpscanteam/wpscan/issues/1299
19804
19805[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
19806 | Found By: Rss Generator (Passive Detection)
19807 | - https://www.glofal.com/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
19808 | - https://www.glofal.com/comments/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
19809
19810[+] WordPress theme in use: everything
19811 | Location: https://www.glofal.com/wp-content/themes/everything/
19812 | Style URL: https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2
19813 | Style Name: Everything
19814 | Style URI: https://themes.webberwebber.com/everything/
19815 | Description: Everything is a responsive, Retina-ready, premium WordPress theme....
19816 | Author: Webber & Webber
19817 | Author URI: https://webberwebber.com/
19818 |
19819 | Found By: Css Style In Homepage (Passive Detection)
19820 | Confirmed By: Css Style In 404 Page (Passive Detection)
19821 |
19822 | Version: 4.8 (80% confidence)
19823 | Found By: Style (Passive Detection)
19824 | - https://www.glofal.com/wp-content/themes/everything/style.css?ver=5.3.2, Match: 'Version: 4.8'
19825
19826[+] Enumerating Users (via Passive and Aggressive Methods)
19827 Brute Forcing Author IDs - Time: 00:00:02 <============> (10 / 10) 100.00% Time: 00:00:02
19828
19829[i] User(s) Identified:
19830
19831[+] Joel Bryant
19832 | Found By: Rss Generator (Passive Detection)
19833 | Confirmed By: Rss Generator (Aggressive Detection)
19834
19835[+] Ross Jackson
19836 | Found By: Rss Generator (Passive Detection)
19837 | Confirmed By: Rss Generator (Aggressive Detection)
19838
19839[+] joel
19840 | Found By: Wp Json Api (Aggressive Detection)
19841 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19842 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19843
19844[+] ross
19845 | Found By: Wp Json Api (Aggressive Detection)
19846 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19847 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19848
19849[+] webmaster
19850 | Found By: Wp Json Api (Aggressive Detection)
19851 | - https://www.glofal.com/wp-json/wp/v2/users/?per_page=100&page=1
19852 | Confirmed By:
19853 | Oembed API - Author URL (Aggressive Detection)
19854 | - https://www.glofal.com/wp-json/oembed/1.0/embed?url=https://www.glofal.com/&format=json
19855 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19856
19857[+] andrew
19858 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19859
19860[+] chris
19861 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
19862
19863[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
19864[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
19865
19866[+] Finished: Fri Feb 21 11:35:25 2020
19867[+] Requests Done: 14
19868[+] Cached Requests: 49
19869[+] Data Sent: 2.612 KB
19870[+] Data Received: 107.946 KB
19871[+] Memory used: 144.152 MB
19872[+] Elapsed time: 00:00:10
19873######################################################################################################################################
19874[INFO] ------TARGET info------
19875[*] TARGET: https://www.glofal.com/
19876[*] TARGET IP: 151.106.38.107
19877[INFO] NO load balancer detected for www.glofal.com...
19878[*] DNS servers: glofal.com.
19879[*] TARGET server: Apache
19880[*] CC: FR
19881[*] Country: France
19882[*] RegionCode: IDF
19883[*] RegionName: Île-de-France
19884[*] City: Clichy-sous-Bois
19885[*] ASN: AS34088
19886[*] BGP_PREFIX: 151.106.32.0/20
19887[*] ISP: GDY-FRANCE Host Europe GmbH, DE
19888[INFO] SSL/HTTPS certificate detected
19889[*] Issuer: issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
19890[*] Subject: subject=OU = Domain Control Validated, CN = hiram02.glofal.com
19891[INFO] DNS enumeration:
19892[*] ftp.glofal.com 151.106.38.107
19893[*] mail.glofal.com glofal.com. 151.106.38.107
19894[*] ns1.glofal.com 151.106.38.107
19895[*] ns2.glofal.com 151.106.38.107
19896[*] ns3.glofal.com 151.106.38.107
19897[*] webmail.glofal.com portal.office.com. geo.portal.office.akadns.net. nonus_edge.portal.office.akadns.net. portal-office365-com.b-0004.b-msedge.net. b-0004.b-msedge.net. 13.107.6.156
19898[INFO] Possible abuse mails are:
19899[*] abuse@glofal.com
19900[*] abuse@www.glofal.com
19901[*] fbl-spamcop@ext.godaddy.com
19902[INFO] NO PAC (Proxy Auto Configuration) file FOUND
19903[ALERT] robots.txt file FOUND in http://www.glofal.com/robots.txt
19904[INFO] Checking for HTTP status codes recursively from http://www.glofal.com/robots.txt
19905[INFO] Status code Folders
19906[*] 200 http://www.glofal.com/
19907[INFO] Starting FUZZing in http://www.glofal.com/FUzZzZzZzZz...
19908[INFO] Status code Folders
19909[*] 200 http://www.glofal.com/images
19910[*] 200 http://www.glofal.com/full
19911[ALERT] Look in the source code. It may contain passwords
19912[INFO] Links found from https://www.glofal.com/ http://151.106.38.107/:
20014cut: intervalle de champ incorrecte
20015Saisissez « cut --help » pour plus d'informations.
20016[INFO] Shodan detected the following opened ports on 151.106.38.107:
20017[*] 1
20018[*] 110
20019[*] 111
20020[*] 143
20021[*] 2079
20022[*] 2082
20023[*] 2083
20024[*] 2086
20025[*] 2087
20026[*] 2095
20027[*] 2096
20028[*] 22
20029[*] 3306
20030[*] 4
20031[*] 443
20032[*] 465
20033[*] 53
20034[*] 80
20035[*] 993
20036[*] 995
20037[INFO] ------VirusTotal SECTION------
20038[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
20039[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
20040[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
20041[INFO] ------Alexa Rank SECTION------
20042[INFO] Percent of Visitors Rank in Country:
20043[INFO] Percent of Search Traffic:
20044[INFO] Percent of Unique Visits:
20045[INFO] Total Sites Linking In:
20046[INFO] Useful links related to www.glofal.com - 151.106.38.107:
20047[*] https://www.virustotal.com/pt/ip-address/151.106.38.107/information/
20048[*] https://www.hybrid-analysis.com/search?host=151.106.38.107
20049[*] https://www.shodan.io/host/151.106.38.107
20050[*] https://www.senderbase.org/lookup/?search_string=151.106.38.107
20051[*] https://www.alienvault.com/open-threat-exchange/ip/151.106.38.107
20052[*] http://pastebin.com/search?q=151.106.38.107
20053[*] http://urlquery.net/search.php?q=151.106.38.107
20054[*] http://www.alexa.com/siteinfo/www.glofal.com
20055[*] http://www.google.com/safebrowsing/diagnostic?site=www.glofal.com
20056[*] https://censys.io/ipv4/151.106.38.107
20057[*] https://www.abuseipdb.com/check/151.106.38.107
20058[*] https://urlscan.io/search/#151.106.38.107
20059[*] https://github.com/search?q=151.106.38.107&type=Code
20060[INFO] Useful links related to AS34088 - 151.106.32.0/20:
20061[*] http://www.google.com/safebrowsing/diagnostic?site=AS:34088
20062[*] https://www.senderbase.org/lookup/?search_string=151.106.32.0/20
20063[*] http://bgp.he.net/AS34088
20064[*] https://stat.ripe.net/AS34088
20065[INFO] Date: 21/02/20 | Time: 11:36:39
20066[INFO] Total time: 1 minute(s) and 24 second(s)
20067#######################################################################################################################################
20068 Anonymous #OpKilluminati JTSEC Full Recon #33