Aug 11, 2019, 10:01 AM
#######################################################################################################################################
=======================================================================================================================================
Hostname: shabakah.com.sa
ISP: Shabakah Net
Continent: Asia
Flag: SA
Country: Saudi Arabia
Country Code: SA
Region: Ar Riyāḑ
Local time: 11 Aug 2019 10:30 +03
City: Riyadh
Postal Code: Unknown
IP Address: 212.102.11.2
Latitude: 24.654
Longitude: 46.715
=======================================================================================================================================
#######################################################################################################################################
> shabakah.com.sa
Server: 27.50.70.139
Address: 27.50.70.139#53

Non-authoritative answer:
Name: shabakah.com.sa
Address: 212.102.11.2
>
#######################################################################################################################################
[+] Target : shabakah.com.sa

[+] IP Address : 212.102.11.2

[+] Headers :

[+] Date : Sun, 11 Aug 2019 07:17:44 GMT
[+] Server : Apache
[+] Cache-Control : private, max-age=0
[+] Content-Type : text/html; charset=utf-8
[+] Expires : Sat, 27 Jul 2019 07:17:43 GMT
[+] Last-Modified : Sun, 11 Aug 2019 07:17:43 GMT
[+] X-SharePointHealthScore : 0
[+] X-AspNet-Version : 4.0.30319
[+] SPRequestGuid : 711bf99e-bfc7-90c0-76f3-1b156d7bbc5a
[+] request-id : 711bf99e-bfc7-90c0-76f3-1b156d7bbc5a
[+] X-FRAME-OPTIONS : SAMEORIGIN, DENY
[+] SPRequestDuration : 571
[+] SPIisLatency : 0
[+] X-Powered-By : Shabakah Net
[+] MicrosoftSharePointTeamServices : DENY
[+] X-Content-Type-Options : nosniff
[+] X-MS-InvokeApp : 1; RequireReadOnly
[+] Vary : Accept-Encoding
[+] Content-Encoding : gzip
[+] Keep-Alive : timeout=15, max=97
[+] Connection : Keep-Alive
[+] Transfer-Encoding : chunked

[+] SSL Certificate Information :

[+] countryName : SA
[+] localityName : Riyadh
[+] organizationName : Shabakah Integrated Technology Co.
[+] commonName : *.shabakah.com.sa
[+] countryName : US
[+] organizationName : DigiCert Inc
[+] commonName : DigiCert SHA2 Secure Server CA
[+] Version : 3
[+] Serial Number : 03AF1E16457E3EFF2ED846F27AC0D484
[+] Not Before : Apr 11 00:00:00 2019 GMT
[+] Not After : Jun 2 12:00:00 2021 GMT
[+] OCSP : ('http://ocsp.digicert.com',)
[+] subject Alt Name : (('DNS', '*.shabakah.com.sa'), ('DNS', 'mail.shabakah.com.sa'), ('DNS', 'autodiscover.shabakah.com.sa'), ('DNS', 'shabakah.com.sa'))
[+] CA Issuers : ('http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt',)
[+] CRL Distribution Points : ('http://crl3.digicert.com/ssca-sha2-g6.crl', 'http://crl4.digicert.com/ssca-sha2-g6.crl')

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 34426
[+] ASN CIDR : 212.102.0.0/19
[+] ASN Country Code : SA
[+] ASN Date : 1999-05-27
[+] ASN Description : SHABAKAHNET-ASN, SA
[+] cidr : 212.102.11.0/24
[+] name : SHABAKAH-NET
[+] handle : ASA101-RIPE
[+] range : 212.102.11.0 - 212.102.11.255
[+] description : Internet Service Provider
[+] country : SA
[+] state : None
[+] city : None
[+] address : Shabakah Net ISP.
PB NO. 55155
RIYADH
SAUDI ARABIA
[+] postal_code : None
[+] emails : None
[+] created : 2002-10-03T06:24:14Z
[+] updated : 2002-10-03T06:30:05Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 8 ]
[+] Extracting Javascript Links...[ 11 ]
[+] Extracting Internal Links.....[ 1 ]
[+] Extracting External Links.....[ 3 ]
[+] Extracting Images.............[ 8 ]

[+] Total Links Extracted : 31

[+] Dumping Links in /opt/FinalRecon/dumps/shabakah.com.sa.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-08-11 03:38:04.296464
[+] Collecting Information On: https://shabakah.com.sa/en-us/Pages/default.aspx
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[#] X-Powered-By: Shabakah Net
- Date: Sun, 11 Aug 2019 07:20:45 GMT
- Server: Apache
- Cache-Control: private, max-age=0
- Content-Type: text/html; charset=utf-8
- Expires: Sat, 27 Jul 2019 07:20:45 GMT
- Last-Modified: Sun, 11 Aug 2019 07:20:45 GMT
- X-SharePointHealthScore: 0
- X-AspNet-Version: 4.0.30319
- SPRequestGuid: 9e1bf99e-8f2d-90c0-76f3-11bd03e55c3a
- request-id: 9e1bf99e-8f2d-90c0-76f3-11bd03e55c3a
- X-FRAME-OPTIONS: SAMEORIGIN, DENY
- SPRequestDuration: 595
- SPIisLatency: 1
- X-Powered-By: Shabakah Net
- MicrosoftSharePointTeamServices: DENY
- X-Content-Type-Options: nosniff
- X-MS-InvokeApp: 1; RequireReadOnly
- Vary: Accept-Encoding
- Content-Encoding: gzip
- Keep-Alive: timeout=15, max=100
- Connection: Keep-Alive
- Transfer-Encoding: chunked
--------------------------------------------------
[#] Finding Location..!
[#] as: AS34426 Shabakah Net
[#] city: Riyadh
[#] country: Saudi Arabia
[#] countryCode: SA
[#] isp: Saudi Arabia backbone and local registry
[#] lat: 24.6537
[#] lon: 46.7152
[#] org:
[#] query: 212.102.11.2
[#] region: 01
[#] regionName: Ar Riyāḑ
[#] status: success
[#] timezone: Asia/Riyadh
[#] zip:
--------------------------------------------------
[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 13 any Domain
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
[#] 8008/tcp open http
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[!] sitemap.xml File Found: https://shabakah.com.sa/en-us/Pages/default.aspx/sitemap.xml
[#] Detecting robots.txt file
[!] robots.txt File Found: https://shabakah.com.sa/en-us/Pages/default.aspx/robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://shabakah.com.sa/en-us/Pages/default.aspx
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: ./default.aspx
[#] class: None
[#] id: aspnetForm
[#] method: post
--------------------------------------------------
[!] Found 15 dom parameter
[#] https://shabakah.com.sa/en-us/Pages/default.aspx/#
--------------------------------------------------
[!] 5 Internal Dynamic Parameter Discovered
[+] https://shabakah.com.sa/en-us/Pages/default.aspx//_layouts/15/1033/styles/Themable/corev15.css?rev=OqAycmyMLoQIDkAlzHdMhQ%3D%3D
[+] https://shabakah.com.sa/en-us/Pages/default.aspx//_layouts/closeConnection.aspx?loginasanotheruser=true
[+] https://shabakah.com.sa/en-us/Pages/default.aspx//en-us/Contacts/Contacts/Pages/Contact-Form.aspx?mail=true
[+] http://jobs.shabakah.com.sa/WebForms/MainJobs.aspx?lang=en
[+] https://shabakah.com.sa/en-us/Pages/default.aspx//en-us/Contacts/Contacts/Pages/Contact-Form.aspx?mail=true
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 105 Internal links Discovered
--------------------------------------------------
[!] 3 External links Discovered
[#] https://www.facebook.com/Shabakah-net-273982342656140/
[#] https://twitter.com/shabakahnet
[#] https://www.youtube.com/user/4193193
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 18 Subdomain
--------------------------------------------------
[!] Done At 2019-08-11 03:39:00.693619
#######################################################################################################################################
[i] Scanning Site: https://shabakah.com.sa

B A S I C I N F O
====================

[+] Site Title:

 Home

[+] IP address: 212.102.11.2
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

% SaudiNIC Whois server.
% Rights restricted by copyright.
% http://nic.sa/en/view/whois-cmd-copyright

Domain Name: shabakah.com.sa

 Registrant:
 Shabakah Net مؤسسه نظام الشبكه لخدمه الانترنت
 Address: لا يوجد
 Riyadh الرياض
 Saudi Arabia المملكة العربية السعودية

 Administrative Contact:
 Khaled Saleh ******** ******** **************
 Address: *******
 *************
 *************************************

 Technical Contact:
 Bobby Mathews ******
 Address: *******
 *************
 *************************************

 Name Servers:
 ns1.shabakah.net.sa
 ns2.shabakah.net.sa
 ns4.shabakah.net.sa

Created on: 2000-04-14
Last Updated on: 2017-05-25

G E O I P L O O K U P
=========================

[i] IP Address: 212.102.11.2
[i] Country: Saudi Arabia
[i] State: Ar Riyad
[i] City: Riyadh
[i] Latitude: 24.6537
[i] Longitude: 46.7152

H T T P H E A D E R S
=======================

[i] HTTP/1.1 302 Redirect
[i] Date: Sun, 11 Aug 2019 07:18:45 GMT
[i] Server: Apache
[i] Content-Type: text/html; charset=UTF-8
[i] Location: https://shabakah.com.sa/Pages/VariationRoot.aspx
[i] X-SharePointHealthScore: 0
[i] SPRequestGuid: 811bf99e-1f2a-90c0-76f3-153c58e8a613
[i] request-id: 811bf99e-1f2a-90c0-76f3-153c58e8a613
[i] X-FRAME-OPTIONS: SAMEORIGIN
[i] SPRequestDuration: 10
[i] SPIisLatency: 0
[i] X-Powered-By: Shabakah Net
[i] MicrosoftSharePointTeamServices: DENY
[i] X-Content-Type-Options: nosniff
[i] X-MS-InvokeApp: 1; RequireReadOnly
[i] X-FRAME-OPTIONS: DENY
[i] Content-Length: 170
[i] Vary: Accept-Encoding
[i] Connection: close
[i] HTTP/1.1 302 Found
[i] Date: Sun, 11 Aug 2019 07:18:49 GMT
[i] Server: Apache
[i] Cache-Control: private, max-age=0
[i] Content-Type: text/html; charset=utf-8
[i] Expires: Sat, 27 Jul 2019 07:18:49 GMT
[i] Last-Modified: Sun, 11 Aug 2019 07:18:49 GMT
[i] Location: https://shabakah.com.sa/en-us
[i] X-SharePointHealthScore: 0
[i] X-AspNet-Version: 4.0.30319
[i] SPRequestGuid: 811bf99e-5fc4-90c0-76f3-1ae31295c259
[i] request-id: 811bf99e-5fc4-90c0-76f3-1ae31295c259
[i] X-FRAME-OPTIONS: SAMEORIGIN
[i] SPRequestDuration: 99
[i] SPIisLatency: 0
[i] X-Powered-By: Shabakah Net
[i] MicrosoftSharePointTeamServices: DENY
[i] X-Content-Type-Options: nosniff
[i] X-MS-InvokeApp: 1; RequireReadOnly
[i] X-FRAME-OPTIONS: DENY
[i] Content-Length: 145
[i] Vary: Accept-Encoding
[i] Connection: close
[i] HTTP/1.1 302 Redirect
[i] Date: Sun, 11 Aug 2019 07:18:51 GMT
[i] Server: Apache
[i] Content-Type: text/html; charset=UTF-8
[i] Location: https://shabakah.com.sa/en-us/Pages/default.aspx
[i] X-SharePointHealthScore: 0
[i] SPRequestGuid: 821bf99e-7f67-90c0-76f3-112d81742d76
[i] request-id: 821bf99e-7f67-90c0-76f3-112d81742d76
[i] X-FRAME-OPTIONS: SAMEORIGIN
[i] SPRequestDuration: 12
[i] SPIisLatency: 1
[i] X-Powered-By: Shabakah Net
[i] MicrosoftSharePointTeamServices: DENY
[i] X-Content-Type-Options: nosniff
[i] X-MS-InvokeApp: 1; RequireReadOnly
[i] X-FRAME-OPTIONS: DENY
[i] Content-Length: 170
[i] Vary: Accept-Encoding
[i] Connection: close
[i] HTTP/1.1 200 OK
[i] Date: Sun, 11 Aug 2019 07:18:54 GMT
[i] Server: Apache
[i] Cache-Control: private, max-age=0
[i] Content-Type: text/html; charset=utf-8
[i] Expires: Sat, 27 Jul 2019 07:18:54 GMT
[i] Last-Modified: Sun, 11 Aug 2019 07:18:54 GMT
[i] X-SharePointHealthScore: 0
[i] X-AspNet-Version: 4.0.30319
[i] SPRequestGuid: 831bf99e-bf01-90c0-76f3-15eed707d4fa
[i] request-id: 831bf99e-bf01-90c0-76f3-15eed707d4fa
[i] X-FRAME-OPTIONS: SAMEORIGIN
[i] SPRequestDuration: 406
[i] SPIisLatency: 0
[i] X-Powered-By: Shabakah Net
[i] MicrosoftSharePointTeamServices: DENY
[i] X-Content-Type-Options: nosniff
[i] X-MS-InvokeApp: 1; RequireReadOnly
[i] X-FRAME-OPTIONS: DENY
[i] Content-Length: 91644
[i] Vary: Accept-Encoding
[i] Connection: close

D N S L O O K U P
===================

shabakah.com.sa. 3599 IN TXT "google-site-verification=c1wwo6KZ7r9tyfpDusyJkLOkcG3L9yNK__E-UkVa4C8"
shabakah.com.sa. 3599 IN TXT "v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all"
shabakah.com.sa. 3599 IN TXT "MS=E38924F26EA3C2AFE7F77BD71A6387AC11409F9B"
shabakah.com.sa. 3599 IN NS ns1.shabakah.net.sa.
shabakah.com.sa. 3599 IN NS ns2.shabakah.net.sa.
shabakah.com.sa. 3599 IN NS ns4.shabakah.net.sa.
shabakah.com.sa. 3599 IN MX 10 iron.shabakah.net.sa.
shabakah.com.sa. 3599 IN MX 20 smtp.shabakah.net.sa.
shabakah.com.sa. 3599 IN A 212.102.11.2
shabakah.com.sa. 3599 IN SOA ns1.shabakah.net.sa. administrator.shabakah.net.sa. 2019070101 3600 1800 864000 3600

S U B N E T C A L C U L A T I O N
====================================

Address = 212.102.11.2
Network = 212.102.11.2 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 212.102.11.2 - 212.102.11.2 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 07:36 UTC
Nmap scan report for shabakah.com.sa (212.102.11.2)
Host is up (0.16s latency).
rDNS record for 212.102.11.2: ruh-firewall.shabakah.net.sa

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.47 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 17
#######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://shabakah.com.sa/en-us/Pages/default.aspx
[*] TARGET IP: 212.102.11.2
[INFO] NO load balancer detected for shabakah.com.sa...
[*] DNS servers: ns1.shabakah.net.sa.
[*] TARGET server: Apache
[*] CC: SA
[*] Country: Saudi Arabia
[*] RegionCode: 01
[*] RegionName: Ar Riyāḑ
[*] City: Riyadh
[*] ASN: AS34426
[*] BGP_PREFIX: 212.102.0.0/19
[*] ISP: SHABAKAHNET-ASN Shabakah Net, SA
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
[*] Subject: subject=C = SA, L = Riyadh, O = Shabakah Integrated Technology Co., CN = *.shabakah.com.sa
[INFO] DNS enumeration:
[*] jobs.shabakah.com.sa 212.102.11.2
[*] mail.shabakah.com.sa 212.102.0.41
[*] test.shabakah.com.sa 212.102.0.121
[*] webconf.shabakah.com.sa 212.102.11.91
[INFO] Possible abuse mails are:
[*] abdulwahab@shabakah.com
[*] abuse@shabakah.com.sa
[*] bobby@shabakah.net.sa
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Checking for HTTP status codes recursively from /en-us/Pages/default.aspx
[INFO] Status code Folders
[*] 200 http://shabakah.com.sa/en-us/
[*] 401 http://shabakah.com.sa/en-us/Pages/
[INFO] Starting FUZZing in http://shabakah.com.sa/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[ALERT] Content in http://shabakah.com.sa/ AND http://www.shabakah.com.sa/ is different
[INFO] MD5 for http://shabakah.com.sa/ is: 9def93ed44bbe3857a8963c7be2f35cb
[INFO] MD5 for http://www.shabakah.com.sa/ is: 34d503bad96d604b4b40b991ca5d29a7
[INFO] http://shabakah.com.sa/ redirects to https://shabakah.com.sa/en-us/Pages/default.aspx
[INFO] http://www.shabakah.com.sa/ redirects to https://shabakah.com.sa/en-us/Pages/default.aspx
[INFO] Links found from https://shabakah.com.sa/en-us/Pages/default.aspx http://212.102.11.2/:
763[INFO] GOOGLE has 78,300 results (0.21 seconds) about http://shabakah.com.sa/
764[INFO] BING shows 212.102.11.2 is shared with 6,070 hosts/vhosts
765[INFO] Shodan detected the following opened ports on 212.102.11.2:
766[*] 443
767[*] 80
768[*] 8008
769[INFO] ------VirusTotal SECTION------
770[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
771[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
772[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
773[INFO] ------Alexa Rank SECTION------
774[INFO] Percent of Visitors Rank in Country:
775[INFO] Percent of Search Traffic:
776[INFO] Percent of Unique Visits:
777[INFO] Total Sites Linking In:
778[INFO] Useful links related to shabakah.com.sa - 212.102.11.2:
779[*] https://www.virustotal.com/pt/ip-address/212.102.11.2/information/
780[*] https://www.hybrid-analysis.com/search?host=212.102.11.2
781[*] https://www.shodan.io/host/212.102.11.2
782[*] https://www.senderbase.org/lookup/?search_string=212.102.11.2
783[*] https://www.alienvault.com/open-threat-exchange/ip/212.102.11.2
784[*] http://pastebin.com/search?q=212.102.11.2
785[*] http://urlquery.net/search.php?q=212.102.11.2
786[*] http://www.alexa.com/siteinfo/shabakah.com.sa
787[*] http://www.google.com/safebrowsing/diagnostic?site=shabakah.com.sa
788[*] https://censys.io/ipv4/212.102.11.2
789[*] https://www.abuseipdb.com/check/212.102.11.2
790[*] https://urlscan.io/search/#212.102.11.2
791[*] https://github.com/search?q=212.102.11.2&type=Code
792[INFO] Useful links related to AS34426 - 212.102.0.0/19:
793[*] http://www.google.com/safebrowsing/diagnostic?site=AS:34426
794[*] https://www.senderbase.org/lookup/?search_string=212.102.0.0/19
795[*] http://bgp.he.net/AS34426
796[*] https://stat.ripe.net/AS34426
797[INFO] Date: 11/08/19 | Time: 03:41:46
798[INFO] Total time: 3 minute(s) and 38 second(s)
799########################################################################################################################################
800Trying "shabakah.com.sa"
801;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50570
802;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 3, ADDITIONAL: 1
803
804;; QUESTION SECTION:
805;shabakah.com.sa. IN ANY
806
807;; ANSWER SECTION:
808shabakah.com.sa. 3600 IN TXT "v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all"
809shabakah.com.sa. 3600 IN TXT "google-site-verification=c1wwo6KZ7r9tyfpDusyJkLOkcG3L9yNK__E-UkVa4C8"
810shabakah.com.sa. 3600 IN TXT "MS=E38924F26EA3C2AFE7F77BD71A6387AC11409F9B"
811shabakah.com.sa. 3600 IN MX 10 iron.shabakah.net.sa.
812shabakah.com.sa. 3600 IN MX 20 smtp.shabakah.net.sa.
813shabakah.com.sa. 3600 IN A 212.102.11.2
814shabakah.com.sa. 3600 IN SOA ns1.shabakah.net.sa. administrator.shabakah.net.sa. 2019070101 3600 1800 864000 3600
815shabakah.com.sa. 3600 IN NS ns2.shabakah.net.sa.
816shabakah.com.sa. 3600 IN NS ns1.shabakah.net.sa.
817shabakah.com.sa. 3600 IN NS ns4.shabakah.net.sa.
818
819;; AUTHORITY SECTION:
820shabakah.com.sa. 3600 IN NS ns1.shabakah.net.sa.
821shabakah.com.sa. 3600 IN NS ns2.shabakah.net.sa.
822shabakah.com.sa. 3600 IN NS ns4.shabakah.net.sa.
823
824;; ADDITIONAL SECTION:
825ns4.shabakah.net.sa. 3549 IN A 40.86.176.26
826
827Received 504 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 661 ms
828########################################################################################################################################
829
830; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace shabakah.com.sa
831;; global options: +cmd
832. 81200 IN NS e.root-servers.net.
833. 81200 IN NS h.root-servers.net.
834. 81200 IN NS i.root-servers.net.
835. 81200 IN NS j.root-servers.net.
836. 81200 IN NS k.root-servers.net.
837. 81200 IN NS l.root-servers.net.
838. 81200 IN NS d.root-servers.net.
839. 81200 IN NS m.root-servers.net.
840. 81200 IN NS f.root-servers.net.
841. 81200 IN NS g.root-servers.net.
842. 81200 IN NS a.root-servers.net.
843. 81200 IN NS c.root-servers.net.
844. 81200 IN NS b.root-servers.net.
845. 81200 IN RRSIG NS 8 0 518400 20190824050000 20190811040000 59944 . U5tZLW1LD49PZHD6FtQTaEJuuIg1G1xtUb3wymW84x5MyFmrSkzud6zh HzuWWMOVTrBMQCcxa8Q0P1enkXk3s33RpF7dED4LynlrZij76tdI18rD LZ7LocZAih1P2Fpdtpnawa1BH2OJ2wScytFyXtp7og3ntcqe0L83petJ cQUG3D4JdkyHQV3/LjWTOTp+73hz8LZEXeSlFX7PLPTPsuAdVwib4+cp tRa3n3MI8Esu7OzjkHprk5SjWVLfCmK60JAQzWYeCEkPeew0q6tbJmSp PmCbjq34U0L4oM9v5gnonyLYmpSUZSjhVwbBww+I6i/xk/YSrTWycz9r ATq7Kw==
846;; Received 525 bytes from 27.50.70.139#53(27.50.70.139) in 321 ms
847
848sa. 172800 IN NS i.nic.net.sa.
849sa. 172800 IN NS n.nic.net.sa.
850sa. 172800 IN NS p.nic.net.sa.
851sa. 172800 IN NS s.nic.net.sa.
852sa. 172800 IN NS s2.nic.net.sa.
853sa. 172800 IN NS ns1.nic.net.sa.
854sa. 172800 IN NS ns2.nic.net.sa.
855sa. 86400 IN DS 30574 8 2 02FC3370C8453439627440B913A8C0A6A4698F9E503F6BBB553D75D7 7E34367E
856sa. 86400 IN RRSIG DS 8 1 86400 20190824050000 20190811040000 59944 . gmrOffBuck3fsEMBZ/bLX4jNsT8qeGgaSccm9spNBnprlYx6NQyZA1qo UmZC9QQxMWahbxPzllCIZbdxZvarC0E6YouOcsKMhoUEySc59XhyAm+T anKyidMhGEj0kr8p0hXo26RWjjryEiZ2LDlVtHbDFwv975ovrFNTm989 KZwFfPc8lItgG4acFaUEcxP8TXi/tdUFAsJPzNkcHLhrDknzRLtQcF/k MHa00aDfrEO7K2CQG2oNvEmo0tkPieELOTynxQyUStKTQtipY5hNOKIs u/gNC1Cha5e7sV8CiWmw+H2DoqngJ6X8lxX9eHYoUl2Huy/Z0hL/EtFd uVSRtA==
857;; Received 812 bytes from 193.0.14.129#53(k.root-servers.net) in 207 ms
858
859shabakah.com.sa. 3600 IN NS ns4.shabakah.net.sa.
860shabakah.com.sa. 3600 IN NS ns2.shabakah.net.sa.
861shabakah.com.sa. 3600 IN NS ns1.shabakah.net.sa.
862637vjl0hq6ee07i8u6qt233t5eemf5ct.com.sa. 3600 IN NSEC3 1 1 5 63938D6D460D499A 7LH6E19PHO05AKRQI4LEKUA8BI1ARORV NS SOA RRSIG DNSKEY NSEC3PARAM
863637vjl0hq6ee07i8u6qt233t5eemf5ct.com.sa. 3600 IN RRSIG NSEC3 8 3 3600 20190820155318 20190806145258 65268 com.sa. bw9oIWMHlhv1rxNmDp8hyp0tr3WFg3+pQMMfePcR8soyKIcjAEGf1two 8r58eyiSHSsUyGkMizDDJDjKT5Gw1FUKMmZ3a070Nowc3cRrc+ZYn17q bb8KAYcG1YvMyQUovjv/I3bc3b2Tlv9aqGXVdjKmMsSk+0euSrXN2B4C MAqRPOSn9EKjaXdfvGG46mhV3HRhgyyRyPOf52t7BMZbAbodnjg/75b6 SJpKrykb5eB1ef8yaBalD6GDe2aK51RdLfiohfhNtp+3ZEZU7TPdPHiQ QbuObZSb6917XeGeLCoaHbGRHdrBp7DgUKit9pIsGX888RFQIZmTNPXv 3K2a5Q==
864dpn5e0e78k2knvdije1u112fnb5r4bt8.com.sa. 3600 IN NSEC3 1 1 5 63938D6D460D499A EGTTDMP82C0SD30RB361OT6U6B4TJ4CV NS DS RRSIG
865dpn5e0e78k2knvdije1u112fnb5r4bt8.com.sa. 3600 IN RRSIG NSEC3 8 3 3600 20190820155218 20190806145258 65268 com.sa. Bd/pzN0Y9cD/fVgcvp8iaN8wFz36RuD3Nfverwbu+tfbF1P+pPnEk6Ij ZEwN856lw3/rHNjBJ/ZVOJvmz+Hl8bMy1SSOX7ETndOYpioetefWWnuR YHtymtStW92wOfkpO6sCYIzmp9w4dc6tGtBx+ZRhL+oD2ZcBVwuRWNmU 8k0rtkZYP61T+X5lFxDxOL9lD9SejLRawycn6j3nqm4ntdSvSG4UoYOR q2SVCBl8r0nOSabvpF4K/stRiLU/7c8pElw4WgDzCcyK23NqoJydc8de QIWII7Kb3JgOCyJV4hbIPThCGkPKtLRWw+2S429PFwv0r2O8t9efPa9G 3aKtTQ==
866;; Received 902 bytes from 37.107.255.170#53(s2.nic.net.sa) in 460 ms
867
868shabakah.com.sa. 3600 IN A 212.102.11.2
869shabakah.com.sa. 3600 IN NS ns1.shabakah.net.sa.
870shabakah.com.sa. 3600 IN NS ns4.shabakah.net.sa.
871shabakah.com.sa. 3600 IN NS ns2.shabakah.net.sa.
872;; Received 175 bytes from 40.86.176.26#53(ns4.shabakah.net.sa) in 310 ms
873########################################################################################################################################
874[*] Performing General Enumeration of Domain: shabakah.com.sa
875[-] DNSSEC is not configured for shabakah.com.sa
876[*] SOA ns1.shabakah.net.sa 212.102.0.2
877[*] NS ns2.shabakah.net.sa 212.102.0.3
878[*] Bind Version for 212.102.0.3 10.2 Ahmed.Java@Gmail.Com
879[*] NS ns4.shabakah.net.sa 40.86.176.26
880[*] Bind Version for 40.86.176.26 10.2 Ahmed.Java@Gmail.Com
881[*] NS ns1.shabakah.net.sa 212.102.0.2
882[*] Bind Version for 212.102.0.2 10.2 By:Ahmed.Java@Gmail.Com
883[*] MX iron.shabakah.net.sa 212.102.0.84
884[*] MX smtp.shabakah.net.sa 212.102.0.88
885[*] A shabakah.com.sa 212.102.11.2
886[*] TXT shabakah.com.sa v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all
887[*] TXT shabakah.com.sa MS=E38924F26EA3C2AFE7F77BD71A6387AC11409F9B
888[*] TXT shabakah.com.sa google-site-verification=c1wwo6KZ7r9tyfpDusyJkLOkcG3L9yNK__E-UkVa4C8
889[*] Enumerating SRV Records
890[*] SRV _sip._tls.shabakah.com.sa sip.shabakah.com.sa 212.102.11.90 443 0
891[*] SRV _sipfederationtls._tcp.shabakah.com.sa sip.shabakah.com.sa 212.102.11.90 5061 0
892[*] SRV _xmpp-server._tcp.shabakah.com.sa sip.shabakah.com.sa 212.102.11.90 5269 0
893[*] SRV _autodiscover._tcp.shabakah.com.sa mail.shabakah.com.sa 212.102.0.41 443 0
894[+] 4 Records Found
895########################################################################################################################################
896[*] Processing domain shabakah.com.sa
897[*] Using system resolvers ['27.50.70.139', '38.132.106.139', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
898[+] Getting nameservers
899212.102.0.3 - ns2.shabakah.net.sa
90040.86.176.26 - ns4.shabakah.net.sa
901212.102.0.2 - ns1.shabakah.net.sa
902[-] Zone transfer failed
903
904[+] TXT records found
905"v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all"
906"MS=E38924F26EA3C2AFE7F77BD71A6387AC11409F9B"
907"google-site-verification=c1wwo6KZ7r9tyfpDusyJkLOkcG3L9yNK__E-UkVa4C8"
908
909[+] MX records found, added to target list
91010 iron.shabakah.net.sa.
91120 smtp.shabakah.net.sa.
912
913[*] Scanning shabakah.com.sa for A records
933########################################################################################################################################
934
935
936
937 AVAILABLE PLUGINS
938 -----------------
939
940 OpenSslCipherSuitesPlugin
941 HeartbleedPlugin
942 RobotPlugin
943 CompressionPlugin
944 HttpHeadersPlugin
945 FallbackScsvPlugin
946 OpenSslCcsInjectionPlugin
947 SessionRenegotiationPlugin
948 EarlyDataPlugin
949 SessionResumptionPlugin
950 CertificateInfoPlugin
951
952
953
954 CHECKING HOST(S) AVAILABILITY
955 -----------------------------
956
957 212.102.11.2:443 => 212.102.11.2
958
959
960
961
962 SCAN RESULTS FOR 212.102.11.2:443 - 212.102.11.2
963 ------------------------------------------------
964
965 * TLS 1.2 Session Resumption Support:
966 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
967 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
968
969 * ROBOT Attack:
970 OK - Not vulnerable
971
972 * TLSV1_1 Cipher Suites:
973 Forward Secrecy OK - Supported
974 RC4 OK - Not Supported
975
976 Preferred:
977 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
978 Accepted:
979 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
980 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
981 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
982 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
983 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
984 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
985 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
986 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
987 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
988
989 * Certificate Information:
990 Content
991 SHA1 Fingerprint: 29eeb01f5148e3e1e5859f6d23013f41d595745a
992 Common Name: *.nhic.gov.sa
993 Issuer: DigiCert SHA2 Secure Server CA
994 Serial Number: 3105000904663805404888365771025906156
995 Not Before: 2018-09-25 00:00:00
996 Not After: 2019-10-04 12:00:00
997 Signature Algorithm: sha256
998 Public Key Algorithm: RSA
999 Key Size: 2048
1000 Exponent: 65537 (0x10001)
1001 DNS Subject Alternative Names: ['*.nhic.gov.sa', 'nhic.gov.sa']
1002
1003 Trust
1004 Hostname Validation: FAILED - Certificate does NOT match 212.102.11.2
1005 Android CA Store (9.0.0_r9): OK - Certificate is trusted
1006 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1007 Java CA Store (jdk-11.0.2): OK - Certificate is trusted
1008 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1009 Mozilla CA Store (2018-11-22): OK - Certificate is trusted
1010 OPENJDK CA Store (jdk-11.0.2): OK - Certificate is trusted
1011 Windows CA Store (2018-12-08): OK - Certificate is trusted
1012 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
1013 Received Chain: *.nhic.gov.sa --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
1014 Verified Chain: *.nhic.gov.sa --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
1015 Received Chain Contains Anchor: WARNING - Received certificate chain contains the anchor certificate
1016 Received Chain Order: OK - Order is valid
1017 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
1018
1019 Extensions
1020 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1021 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
1022
1023 OCSP Stapling
1024 NOT SUPPORTED - Server did not send back an OCSP response
1025
1026 * OpenSSL Heartbleed:
1027 OK - Not vulnerable to Heartbleed
1028
1029 * Deflate Compression:
1030 OK - Compression disabled
1031
1032 * TLSV1_2 Cipher Suites:
1033 Forward Secrecy OK - Supported
1034 RC4 OK - Not Supported
1035
1036 Preferred:
1037 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1038 Accepted:
1039 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1040 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
1041 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1042 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1043 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1044 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1045 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1046 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1047 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 403 Forbidden
1048 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1049 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1050 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1051 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1052 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1053 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1054 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
1055 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1056 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1057 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1058 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1059 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1060 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1061
1062 * SSLV2 Cipher Suites:
1063 Server rejected all cipher suites.
1064
1065 * Downgrade Attacks:
1066 TLS_FALLBACK_SCSV: OK - Supported
1067
1068 * OpenSSL CCS Injection:
1069 OK - Not vulnerable to OpenSSL CCS injection
1070
1071 * Session Renegotiation:
1072 Client-initiated Renegotiation: OK - Rejected
1073 Secure Renegotiation: OK - Supported
1074
1075 * SSLV3 Cipher Suites:
1076 Server rejected all cipher suites.
1077
1078 * TLSV1_3 Cipher Suites:
1079 Server rejected all cipher suites.
1080
1081 * TLSV1 Cipher Suites:
1082 Forward Secrecy OK - Supported
1083 RC4 OK - Not Supported
1084
1085 Preferred:
1086 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1087 Accepted:
1088 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1089 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1090 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1091 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1092 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1093 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1094 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1095 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1096 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1097
1098
1099 SCAN COMPLETED IN 40.86 S
1100 -------------------------
1101#######################################################################################################################################
1102dnsenum VERSION:1.2.4
1103
1104----- shabakah.com.sa -----
1105
1106
1107Host's addresses:
1108__________________
1109
1110shabakah.com.sa. 3597 IN A 212.102.11.2
1111
1112
1113Name Servers:
1114______________
1115
1116ns1.shabakah.net.sa. 2551 IN A 212.102.0.2
1117ns4.shabakah.net.sa. 328 IN A 40.86.176.26
1118ns2.shabakah.net.sa. 328 IN A 212.102.0.3
1119
1120
1121Mail (MX) Servers:
1122___________________
1123
1124iron.shabakah.net.sa. 327 IN A 212.102.0.84
1125smtp.shabakah.net.sa. 327 IN A 212.102.0.88
1126
1127
1128Trying Zone Transfers and getting Bind Versions:
1129_________________________________________________
1130
1131
1132Trying Zone Transfer for shabakah.com.sa on ns1.shabakah.net.sa ...
1133
1134Trying Zone Transfer for shabakah.com.sa on ns4.shabakah.net.sa ...
1135
1136Trying Zone Transfer for shabakah.com.sa on ns2.shabakah.net.sa ...
1137
1138brute force file not specified, bay.
1139########################################################################################################################################
1140% SaudiNIC Whois server.
1141% Rights restricted by copyright.
1142% http://nic.sa/en/view/whois-cmd-copyright
1143
1144Domain Name: shabakah.com.sa
1145
1146 Registrant:
1147 Shabakah Net مؤسسه نظام الشبكه لخدمه الانترنت
1148 Address: لا يوجد
1149 Riyadh الرياض
1150 Saudi Arabia المملكة العربية السعودية
1151
1152 Administrative Contact:
1153 Khaled Saleh ******** ******** **************
1154 Address: *******
1155 *************
1156 *************************************
1157
1158 Technical Contact:
1159 Bobby Mathews ******
1160 Address: *******
1161 *************
1162 *************************************
1163
1164 Name Servers:
1165 ns1.shabakah.net.sa
1166 ns2.shabakah.net.sa
1167 ns4.shabakah.net.sa
1168
1169Created on: 2000-04-14
1170Last Updated on: 2017-05-25
1171########################################################################################################################################
1207[22/100] http://mawani.shabakah.com.sa/ar-sa/Documents/%25D8%25A7%25D9%2584%25D9%2584%25D8%25A7%25D8%25A6%25D8%25AD%25D8%25A9%2520%25D8%25A7%25D9%2584%25D8%25AA%25D9%2586%25D8%25B8%25D9%258A%25D9%2585%25D9%258A%25D8%25A9%2520%25D9%2584%25D9%2584%25D9%2588%25D9%2583%25D9%2584%25D8%25A7%25D8%25A1%2520%25D8%25A7%25D9%2584%25D8%25A8%25D8%25AD%25D8%25B1%25D9%258A%25D9%258A%25D9%2586/%25D8%25AE%25D8%25B7%25D8%25A7%25D8%25A8%2520%25D8%25A7%25D9%2584%25D9%2584%25D8%25A7%25D8%25A6%25D8%25AD%25D8%25A9%2520%25D8%25A7%25D9%2584%25D8%25AA%25D9%2586%25D8%25B8%25D9%258A%25D9%2585%25D9%258A%25D8%25A9%2520%25D9%2584%25D9%2584%25D9%2588%25D9%2583%25D9%2584%25D8%25A7%25D8%25A1.pdf
1208 [x] Error downloading http://mawani.shabakah.com.sa/ar-sa/Documents/%25D8%25A7%25D9%2584%25D9%2584%25D8%25A7%25D8%25A6%25D8%25AD%25D8%25A9%2520%25D8%25A7%25D9%2584%25D8%25AA%25D9%2586%25D8%25B8%25D9%258A%25D9%2585%25D9%258A%25D8%25A9%2520%25D9%2584%25D9%2584%25D9%2588%25D9%2583%25D9%2584%25D8%25A7%25D8%25A1%2520%25D8%25A7%25D9%2584%25D8%25A8%25D8%25AD%25D8%25B1%25D9%258A%25D9%258A%25D9%2586/%25D8%25AE%25D8%25B7%25D8%25A7%25D8%25A8%2520%25D8%25A7%25D9%2584%25D9%2584%25D8%25A7%25D8%25A6%25D8%25AD%25D8%25A9%2520%25D8%25A7%25D9%2584%25D8%25AA%25D9%2586%25D8%25B8%25D9%258A%25D9%2585%25D9%258A%25D8%25A9%2520%25D9%2584%25D9%2584%25D9%2588%25D9%2583%25D9%2584%25D8%25A7%25D8%25A1.pdf
1209[23/100] http://mawani.shabakah.com.sa/ar-sa/Employees/Documents/%25D8%25A7%25D9%2584%25D8%25AF%25D9%2584%25D9%258A%25D9%2584%2520%25D8%25A7%25D9%2584%25D8%25A5%25D8%25B1%25D8%25B4%25D8%25A7%25D8%25AF%25D9%258A%2520%25D9%2584%25D8%25B9%25D9%2585%25D9%2584%2520%25D8%25A7%25D8%25B9%25D8%25AF%25D8%25A7%25D8%25AF%25D8%25A7%25D8%25AA%2520%25D8%25A7%25D9%2584%25D8%25AC%25D8%25A7%25D9%2581%25D8%25A7%2520%25D8%25A7%25D9%2584%25D8%25AE%25D8%25A7%25D8%25B5%25D8%25A9%2520%25D8%25A8%25D8%25A7%25D9%2584%25D8%25AE%25D8%25AF%25D9%2585%25D8%25A7%25D8%25AA%2520%25D8%25B9%25D9%2584%25D9%2589%2520%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D9%2582%25D8%25B9%2520%25D8%25A7%25D9%2584%25D8%25AC%25D8%25AF%25D9%258A%25D8%25AF.pdf
1210 [x] Error downloading http://mawani.shabakah.com.sa/ar-sa/Employees/Documents/%25D8%25A7%25D9%2584%25D8%25AF%25D9%2584%25D9%258A%25D9%2584%2520%25D8%25A7%25D9%2584%25D8%25A5%25D8%25B1%25D8%25B4%25D8%25A7%25D8%25AF%25D9%258A%2520%25D9%2584%25D8%25B9%25D9%2585%25D9%2584%2520%25D8%25A7%25D8%25B9%25D8%25AF%25D8%25A7%25D8%25AF%25D8%25A7%25D8%25AA%2520%25D8%25A7%25D9%2584%25D8%25AC%25D8%25A7%25D9%2581%25D8%25A7%2520%25D8%25A7%25D9%2584%25D8%25AE%25D8%25A7%25D8%25B5%25D8%25A9%2520%25D8%25A8%25D8%25A7%25D9%2584%25D8%25AE%25D8%25AF%25D9%2585%25D8%25A7%25D8%25AA%2520%25D8%25B9%25D9%2584%25D9%2589%2520%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D9%2582%25D8%25B9%2520%25D8%25A7%25D9%2584%25D8%25AC%25D8%25AF%25D9%258A%25D8%25AF.pdf
1211==================================================================================================================================
1212
1213[+] List of users found:
1214--------------------------
1215Mahmoud AlBaroudi
1216Mahmoud Turbak
1217
1218[+] List of software found:
1219-----------------------------
1220Microsoft® Word 2013
1221Microsoft® Word 2016
1222=======================================================================================================================================
1223########################################################################################################################################
1224[-] Enumerating subdomains now for shabakah.com.sa
1225[-] verbosity is enabled, will show the subdomains results in realtime
1226[-] Searching now in Baidu..
1227[-] Searching now in Yahoo..
1228[-] Searching now in Google..
1229[-] Searching now in Bing..
1230[-] Searching now in Ask..
1231[-] Searching now in Netcraft..
1232[-] Searching now in DNSdumpster..
1233[-] Searching now in Virustotal..
1234[-] Searching now in ThreatCrowd..
1235[-] Searching now in SSL Certificates..
1236[-] Searching now in PassiveDNS..
1237ThreatCrowd: meet.shabakah.com.sa
1238SSL Certificates: cloud.shabakah.com.sa
1239SSL Certificates: mail.testsrv.shabakah.com.sa
1240SSL Certificates: testsrv.shabakah.com.sa
1241SSL Certificates: www.testsrv.shabakah.com.sa
1242SSL Certificates: office.shabakah.com.sa
1243SSL Certificates: autodiscover.shabakah.com.sa
1244SSL Certificates: mail.shabakah.com.sa
1245SSL Certificates: web27.shabakah.com.sa
1246SSL Certificates: av.shabakah.com.sa
1247SSL Certificates: sip.shabakah.com.sa
1248SSL Certificates: webconf.shabakah.com.sa
1249SSL Certificates: dialin.shabakah.com.sa
1250SSL Certificates: edgepool.shabakah.com.sa
1251SSL Certificates: lyncadmin.shabakah.com.sa
1252SSL Certificates: LyncdiscoverInternal.shabakah.com.sa
1253SSL Certificates: Lyncdiscover.shabakah.com.sa
1254SSL Certificates: lyncpool.shabakah.com.sa
1255SSL Certificates: meet.shabakah.com.sa
1256SSL Certificates: RUH-Lync-01.shabakah.com.sa
1257SSL Certificates: Ruh-Lync-02.shabakah.com.sa
1258SSL Certificates: ruh-lync-was.shabakah.com.sa
1259SSL Certificates: lyncdiscoverinternal.shabakah.com.sa
1260SSL Certificates: lyncdiscover.shabakah.com.sa
1261SSL Certificates: ruh-lync-01.shabakah.com.sa
1262SSL Certificates: ruh-lync-02.shabakah.com.sa
1263SSL Certificates: mail-01.shabakah.com.sa
1264SSL Certificates: mail-03.shabakah.com.sa
1265SSL Certificates: mail-02.shabakah.com.sa
1266SSL Certificates: exchange.shabakah.com.sa
1267SSL Certificates: exchum1.shabakah.com.sa
1268SSL Certificates: lyncfe4.shabakah.com.sa
1269Bing: hc.shabakah.com.sa
1270Bing: mawani.shabakah.com.sa
1271Bing: ess.shabakah.com.sa
1272Bing: muqeem.shabakah.com.sa
1273Bing: tamm.shabakah.com.sa
1274Bing: jobs.shabakah.com.sa
1275Yahoo: tamm.shabakah.com.sa
1276Yahoo: muqeem.shabakah.com.sa
1277Yahoo: www.shabakah.com.sa
1278Yahoo: mawani.shabakah.com.sa
1279Yahoo: jobs.shabakah.com.sa
1280Yahoo: ess.shabakah.com.sa
1281Yahoo: hc.shabakah.com.sa
1282DNSdumpster: edgepool.shabakah.com.sa
1283DNSdumpster: ruh-lync-was.shabakah.com.sa
1284DNSdumpster: lyncpool.shabakah.com.sa
1285DNSdumpster: av.shabakah.com.sa
1286DNSdumpster: testsrv.shabakah.com.sa
1287DNSdumpster: mail.shabakah.com.sa
1288DNSdumpster: autodiscover.shabakah.com.sa
1289DNSdumpster: sip.shabakah.com.sa
1290DNSdumpster: office.shabakah.com.sa
1291DNSdumpster: dialin.shabakah.com.sa
1292DNSdumpster: lyncdiscover.shabakah.com.sa
1293DNSdumpster: webconf.shabakah.com.sa
1294DNSdumpster: web44.shabakah.com.sa
1295DNSdumpster: www.shabakah.com.sa
1296DNSdumpster: mail-03.shabakah.com.sa
1297DNSdumpster: jobs.shabakah.com.sa
1298DNSdumpster: cloud.shabakah.com.sa
1299DNSdumpster: meet.shabakah.com.sa
1300[-] Saving results to file: /usr/share/sniper/loot/workspace/shabakah.com.sa/domains/domains-shabakah.com.sa.txt
1301[-] Total Unique Subdomains Found: 39
1341########################################################################################################################################
1374#########################################################################################################################################
1375===============================================
1376-=Subfinder v1.1.3 github.com/subfinder/subfinder
1377===============================================
1378
1379
1380Running Source: Ask
1381Running Source: Archive.is
1382Running Source: Baidu
1383Running Source: Bing
1384Running Source: CertDB
1385Running Source: CertificateTransparency
1386Running Source: Certspotter
1387Running Source: Commoncrawl
1388Running Source: Crt.sh
1389Running Source: Dnsdb
1390Running Source: DNSDumpster
1391Running Source: DNSTable
1392Running Source: Dogpile
1393Running Source: Exalead
1394Running Source: Findsubdomains
1395Running Source: Googleter
1396Running Source: Hackertarget
1397Running Source: Ipv4Info
1398Running Source: PTRArchive
1399Running Source: Sitedossier
1400Running Source: Threatcrowd
1401Running Source: ThreatMiner
1402Running Source: WaybackArchive
1403Running Source: Yahoo
1404
1405Running enumeration on shabakah.com.sa
1406
1407dnsdb: Unexpected return status 503
1408
1409waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.shabakah.com.sa/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
1410
1411
1412Starting Bruteforcing of shabakah.com.sa with 9985 words
1413
1414Total 68 Unique subdomains found for shabakah.com.sa
1415
1484########################################################################################################################################
1485[*] Processing domain shabakah.com.sa
1486[*] Using system resolvers ['27.50.70.139', '38.132.106.139', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1487[+] Getting nameservers
1488212.102.0.3 - ns2.shabakah.net.sa
1489212.102.0.2 - ns1.shabakah.net.sa
149040.86.176.26 - ns4.shabakah.net.sa
1491[-] Zone transfer failed
1492
1493[+] TXT records found
1494"google-site-verification=c1wwo6KZ7r9tyfpDusyJkLOkcG3L9yNK__E-UkVa4C8"
1495"MS=E38924F26EA3C2AFE7F77BD71A6387AC11409F9B"
1496"v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all"
1497
1498[+] MX records found, added to target list
149910 iron.shabakah.net.sa.
150020 smtp.shabakah.net.sa.
1501
1502[*] Scanning shabakah.com.sa for A records
1503212.102.11.2 - shabakah.com.sa
1504212.102.0.41 - autodiscover.shabakah.com.sa
1505212.102.11.92 - av.shabakah.com.sa
1506212.102.0.60 - crm.shabakah.com.sa
1507212.102.11.2 - demo.shabakah.com.sa
1508212.102.11.2 - jobs.shabakah.com.sa
1509212.102.11.56 - lb.shabakah.com.sa
1510212.102.0.41 - mail.shabakah.com.sa
1511212.102.11.103 - office.shabakah.com.sa
1512212.102.11.62 - portal.shabakah.com.sa
1513212.102.0.121 - test.shabakah.com.sa
151441.33.171.198 - testsite.shabakah.com.sa
1515212.102.11.2 - www.shabakah.com.sa
1516########################################################################################################################################
1517
1550#########################################################################################################################################
1570########################################################################################################################################
1571[*] Found SPF record:
1572[*] v=spf1 ip4:212.102.0.41 ip4:212.102.0.84 ip4:212.102.0.88 a:iron.shabakah.net.sa mx ~all
1573[*] SPF record contains an All item: ~all
1574[*] Found DMARC record:
1575[*] v=DMARC1; p=reject; ruf=mailto:a.abdelsalam@shabakah.com.sa;
1576[-] DMARC policy set to reject
1577[*] Forensics reports will be sent: mailto:a.abdelsalam@shabakah.com.sa
1578[-] Spoofing not possible for shabakah.com.sa
1579########################################################################################################################################
1580[Not Vulnerable] cptest.shabakah.com.sa
1581[Not Vulnerable] domain
1582[Not Vulnerable] exchum1.shabakah.com.sa
1583[Not Vulnerable] mail-01.shabakah.com.sa
1584[Not Vulnerable] lync.shabakah.com.sa
1585[Not Vulnerable] LyncdiscoverInternal.shabakah.com.sa
1586[Not Vulnerable] lyncdiscoverinternal.shabakah.com.sa
1587[Not Vulnerable] mail-02.shabakah.com.sa
1588[Not Vulnerable] mail.testsrv.shabakah.com.sa
1589[Not Vulnerable] lyncfe4.shabakah.com.sa
1590[Not Vulnerable] lyncadmin.shabakah.com.sa
1591[Not Vulnerable] exchange.shabakah.com.sa
1592[Not Vulnerable] hc.shabakah.com.sa
1593[Not Vulnerable] autodiscover.shabakah.com.sa
1594[Not Vulnerable] mail.shabakah.com.sa
1595[Not Vulnerable] ess.shabakah.com.sa
1596[Not Vulnerable] cloud.shabakah.com.sa
1597[Not Vulnerable] mawani.shabakah.com.sa
1598[Not Vulnerable] .shabakah.com.sa
1599[Not Vulnerable] mail-03.shabakah.com.sa
1600[Not Vulnerable] jobs.shabakah.com.sa
1601[Not Vulnerable] *.shabakah.com.sa
1602[Not Vulnerable] owa.shabakah.com.sa
1603[Not Vulnerable] Ruh-Lync-02.shabakah.com.sa
1604[Not Vulnerable] ruh-lync-02.shabakah.com.sa
1605[Not Vulnerable] muqeem.shabakah.com.sa
1606[Not Vulnerable] sms2.shabakah.com.sa
1607[Not Vulnerable] prtg.shabakah.com.sa
1608[Not Vulnerable] lyncdiscover.shabakah.com.sa
1609[Not Vulnerable] dialin.shabakah.com.sa
1610[Not Vulnerable] av.shabakah.com.sa
1611[Not Vulnerable] lyncpool.shabakah.com.sa
1612[Not Vulnerable] Lyncdiscover.shabakah.com.sa
1613[Not Vulnerable] fb.shabakah.com.sa
1614[Not Vulnerable] tamm.shabakah.com.sa
1615[Not Vulnerable] crm.shabakah.com.sa
1616[Not Vulnerable] edgepool.shabakah.com.sa
1617[Not Vulnerable] shabakah.com.sa
1618[Not Vulnerable] testsrv.shabakah.com.sa
1619[Not Vulnerable] web27.shabakah.com.sa
1620[Not Vulnerable] vcenter.shabakah.com.sa
1621[Not Vulnerable] demo.shabakah.com.sa
1622[Not Vulnerable] www.testsrv.shabakah.com.sa
1623[Not Vulnerable] meet.shabakah.com.sa
1624[Not Vulnerable] ruh-lync-was.shabakah.com.sa
1625[Not Vulnerable] sipexternal.shabakah.com.sa
1626[Not Vulnerable] sip.shabakah.com.sa
1627[Not Vulnerable] portal.shabakah.com.sa
1628[Not Vulnerable] www.shabakah.com.sa
1629[Not Vulnerable] test.shabakah.com.sa
1630[Not Vulnerable] testsite.shabakah.com.sa
1631[Not Vulnerable] webconf.shabakah.com.sa
1632[Not Vulnerable] RUH-Lync-01.shabakah.com.sa
1633[Not Vulnerable] ruh-lync-01.shabakah.com.sa
1634[Not Vulnerable] portal2.shabakah.com.sa
1635[Not Vulnerable] lb.shabakah.com.sa
1636[Not Vulnerable] office.shabakah.com.sa
1637[Not Vulnerable] web44.shabakah.com.sa
1638#########################################################################################################################################
1639Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 05:00 EDT
1640Nmap scan report for shabakah.com.sa (212.102.11.2)
1641Host is up (0.53s latency).
1642rDNS record for 212.102.11.2: ruh-firewall.shabakah.net.sa
1643Not shown: 476 filtered ports, 4 closed ports
1644Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1645PORT STATE SERVICE
164680/tcp open http
1647443/tcp open https
16488008/tcp open http
1649########################################################################################################################################
1650Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 05:03 EDT
1651Nmap scan report for shabakah.com.sa (212.102.11.2)
1652Host is up (0.20s latency).
1653rDNS record for 212.102.11.2: ruh-firewall.shabakah.net.sa
1654Not shown: 2 filtered ports
1655PORT STATE SERVICE
165653/udp open|filtered domain
165767/udp open|filtered dhcps
165868/udp open|filtered dhcpc
165969/udp open|filtered tftp
166088/udp open|filtered kerberos-sec
1661123/udp open|filtered ntp
1662139/udp open|filtered netbios-ssn
1663161/udp open|filtered snmp
1664162/udp open|filtered snmptrap
1665389/udp open|filtered ldap
1666500/udp open|filtered isakmp
1667520/udp open|filtered route
16682049/udp open|filtered nfs
1669########################################################################################################################################
1670Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 05:04 EDT
1671NSE: Loaded 162 scripts for scanning.
1672NSE: Script Pre-scanning.
1673Initiating NSE at 05:04
1674Completed NSE at 05:04, 0.00s elapsed
1675Initiating NSE at 05:04
1676Completed NSE at 05:04, 0.00s elapsed
1677Initiating Parallel DNS resolution of 1 host. at 05:04
1678Completed Parallel DNS resolution of 1 host. at 05:04, 0.02s elapsed
1679Initiating SYN Stealth Scan at 05:04
1680Scanning shabakah.com.sa (212.102.11.2) [1 port]
1681Completed SYN Stealth Scan at 05:04, 0.54s elapsed (1 total ports)
1682Initiating Service scan at 05:04
1683Initiating OS detection (try #1) against shabakah.com.sa (212.102.11.2)
1684Retrying OS detection (try #2) against shabakah.com.sa (212.102.11.2)
1685Initiating Traceroute at 05:04
1686Completed Traceroute at 05:04, 3.47s elapsed
1687Initiating Parallel DNS resolution of 18 hosts. at 05:04
1688Completed Parallel DNS resolution of 18 hosts. at 05:04, 0.53s elapsed
1689NSE: Script scanning 212.102.11.2.
1690Initiating NSE at 05:04
1691Completed NSE at 05:04, 0.56s elapsed
1692Initiating NSE at 05:04
1693Completed NSE at 05:04, 0.00s elapsed
1694Nmap scan report for shabakah.com.sa (212.102.11.2)
1695Host is up (0.085s latency).
1696rDNS record for 212.102.11.2: ruh-firewall.shabakah.net.sa
1697
1698PORT STATE SERVICE VERSION
169980/tcp filtered http
1700Too many fingerprints match this host to give specific OS details
1701Network Distance: 20 hops
1702
1703TRACEROUTE (using proto 1/icmp)
1704HOP RTT ADDRESS
17051 211.30 ms 10.248.200.1
17062 211.48 ms 185.242.4.145
17073 211.46 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
17084 211.78 ms ix-xe-4-1-3-0.tcore2.tv2-tokyo.as6453.net (180.87.181.169)
17095 470.05 ms if-ae-2-2.tcore1.tv2-tokyo.as6453.net (180.87.180.1)
17106 216.76 ms if-et-21-2.hcore1.kv8-chiba.as6453.net (120.29.217.67)
17117 465.92 ms if-ae-5-2.tcore2.sv1-santa-clara.as6453.net (209.58.86.142)
17128 465.97 ms if-ae-38-2.tcore1.sqn-san-jose.as6453.net (63.243.205.74)
17139 455.27 ms if-ae-12-2.tcore1.nto-new-york.as6453.net (63.243.128.28)
171410 458.94 ms if-ae-7-2.tcore1.n0v-new-york.as6453.net (63.243.128.26)
171511 467.91 ms if-ae-2-2.tcore2.n0v-new-york.as6453.net (216.6.90.22)
171612 467.91 ms if-ae-4-2.tcore2.l78-london.as6453.net (80.231.131.157)
171713 460.05 ms if-ae-9-2.tcore2.wyn-marseille.as6453.net (80.231.200.13)
171814 519.25 ms 80.231.200.146
171915 515.43 ms 87.101.255.133
172016 ... 17
172118 527.26 ms 87.101.184.50
172219 522.68 ms ofw.shabakah.net.sa (212.102.0.66)
172320 523.84 ms ruh-firewall.shabakah.net.sa (212.102.11.2)
1724
1725NSE: Script Post-scanning.
1726Initiating NSE at 05:04
1727Completed NSE at 05:04, 0.00s elapsed
1728Initiating NSE at 05:04
1729Completed NSE at 05:04, 0.00s elapsed
1730Read data files from: /usr/bin/../share/nmap
1731########################################################################################################################################
1732http://shabakah.com.sa [301 Moved Permanently] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], RedirectLocation[https://shabakah.com.sa:443/], Title[301 Moved Permanently]
1733https://shabakah.com.sa/ [302 Found] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/Pages/VariationRoot.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
1734https://shabakah.com.sa/Pages/VariationRoot.aspx [302 Found] ASP_NET[4.0.30319], Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/en-us], Title[Object moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
1735https://shabakah.com.sa/en-us [302 Found] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/en-us/Pages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
1736https://shabakah.com.sa/en-us/Pages/default.aspx [200 OK] ASP_NET[4.0.30319], Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], JQuery, MetaGenerator[Microsoft SharePoint], Microsoft-Sharepoint[DENY], Modernizr[custom-v2.7.1.min], PasswordField[ctl00$ctl48], Script[text/javascript], Title[Home][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net], X-UA-Compatible[IE=10]
1737########################################################################################################################################
1738
1739wig - WebApp Information Gatherer
1740
1741
1742Scanning https://shabakah.com.sa...
1743___________________________________ SITE INFO ____________________________________
1744IP Title
1745212.102.11.2 Home
1746
1747____________________________________ VERSION _____________________________________
1748Name Versions Type
1749SharePoint CMS
1750ASP.NET 4.0.30319 Platform
1751Apache Platform
1752
1753__________________________________ INTERESTING ___________________________________
1754URL Note Type
1755/_layouts/create.aspx Sharepoint Create Page Interesting
1756
1757_____________________________________ TOOLS ______________________________________
1758Name Link Software
1759sparty https://github.com/alias1/sparty SharePoint
1760spscan https://github.com/toddsiegel/spscan SharePoint
1761Sharepoint URL Brute http://www.bishopfox.com/download/414/ SharePoint
1762
1763__________________________________________________________________________________
1764Time: 111.3 sec Urls: 196 Fingerprints: 40401
1765########################################################################################################################################
1766HTTP/1.1 301 Moved Permanently
1767Date: Sun, 11 Aug 2019 09:07:33 GMT
1768Server: Apache
Location: https://shabakah.com.sa:443/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Aug 2019 09:07:34 GMT
Server: Apache
Location: https://shabakah.com.sa:443/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Redirect
Date: Sun, 11 Aug 2019 08:50:14 GMT
Server: Apache
Content-Length: 170
Content-Type: text/html; charset=UTF-8
Location: https://shabakah.com.sa/Pages/VariationRoot.aspx
X-SharePointHealthScore: 0
SPRequestGuid: bc20f99e-0fe5-90c0-76f3-17edb8f99df2
request-id: bc20f99e-0fe5-90c0-76f3-17edb8f99df2
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 18
SPIisLatency: 1
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 302 Found
Date: Sun, 11 Aug 2019 08:50:14 GMT
Server: Apache
Cache-Control: private, max-age=0
Content-Length: 145
Content-Type: text/html; charset=utf-8
Expires: Sat, 27 Jul 2019 08:50:14 GMT
Last-Modified: Sun, 11 Aug 2019 08:50:14 GMT
Location: https://shabakah.com.sa/en-us
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: bd20f99e-2f07-90c0-76f3-1407455325a7
request-id: bd20f99e-2f07-90c0-76f3-1407455325a7
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 140
SPIisLatency: 1
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 302 Redirect
Date: Sun, 11 Aug 2019 08:50:15 GMT
Server: Apache
Content-Length: 170
Content-Type: text/html; charset=UTF-8
Location: https://shabakah.com.sa/en-us/Pages/default.aspx
X-SharePointHealthScore: 0
SPRequestGuid: bd20f99e-2f32-90c0-76f3-12d34c8cf9ba
request-id: bd20f99e-2f32-90c0-76f3-12d34c8cf9ba
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 12
SPIisLatency: 0
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 200 OK
Date: Sun, 11 Aug 2019 08:50:16 GMT
Server: Apache
Cache-Control: private, max-age=0
Content-Length: 91644
Content-Type: text/html; charset=utf-8
Expires: Sat, 27 Jul 2019 08:50:16 GMT
Last-Modified: Sun, 11 Aug 2019 08:50:16 GMT
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: bd20f99e-5f54-90c0-76f3-1d926d886562
request-id: bd20f99e-5f54-90c0-76f3-1d926d886562
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 487
SPIisLatency: 0
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY
########################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [11-08-2019 05:08:11]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/shabakah.com.sa/output/inurlbr-shabakah.com.sa ]
[ INFO ][ DORK ]::[ site:shabakah.com.sa ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.vu ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.jp ID: 012984904789461885316:oy3-mu17hxk ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 100 ]-[05:08:43] [ - ]
|_[ + ] Target:: [ https://www.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: Shabakah Net, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 100 ]-[05:08:46] [ - ]
|_[ + ] Target:: [ https://prtg.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Moved Temporarily, Server: Apache , IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 100 ]-[05:08:52] [ - ]
|_[ + ] Target:: [ https://muqeem.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 100 ]-[05:08:57] [ - ]
|_[ + ] Target:: [ https://tamm.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 100 ]-[05:08:59] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 100 ]-[05:09:03] [ - ]
|_[ + ] Target:: [ https://prtg.shabakah.com.sa/home ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Moved Temporarily, Server: Apache , IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 100 ]-[05:09:07] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/Conditions.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 100 ]-[05:09:12] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 100 ]-[05:09:17] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 100 ]-[05:09:22] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/sitemap.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 100 ]-[05:09:26] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/videosarchive.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 11 / 100 ]-[05:09:30] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/conditions.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 12 / 100 ]-[05:09:35] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/pages/sitemap.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 13 / 100 ]-[05:09:39] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/VideosArchive.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 14 / 100 ]-[05:09:42] [ - ]
|_[ + ] Target:: [ https://www.shabakah.com.sa/ar-sa/Industries ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: Shabakah Net, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 15 / 100 ]-[05:09:48] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/mandaterequest.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 16 / 100 ]-[05:09:52] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table4.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 17 / 100 ]-[05:09:57] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table1.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 18 / 100 ]-[05:10:01] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table4.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 19 / 100 ]-[05:10:06] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/Applicationandreducethecriteria.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 20 / 100 ]-[05:10:10] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/pages/table1.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 21 / 100 ]-[05:10:18] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Aboutus/Pages/CustomsDetection.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 22 / 100 ]-[05:10:23] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/vision.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 23 / 100 ]-[05:10:27] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/servicesandcapacities.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 24 / 100 ]-[05:10:31] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table2.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 25 / 100 ]-[05:10:35] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/introduction.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 26 / 100 ]-[05:10:40] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/mediacenter/pages/regulationofmarineagents.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 27 / 100 ]-[05:10:44] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table3.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 28 / 100 ]-[05:10:49] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/contactus/pages/feedbackcontact.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 29 / 100 ]-[05:10:53] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/privatizationprogram.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 30 / 100 ]-[05:10:57] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/Pages/ContactUs.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 31 / 100 ]-[05:11:01] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/vision.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 32 / 100 ]-[05:11:06] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/portstariffs/pages/table5.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 33 / 100 ]-[05:11:11] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/vesselsearch.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 34 / 100 ]-[05:11:15] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/privacy-policy.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 35 / 100 ]-[05:11:19] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table2.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 36 / 100 ]-[05:11:23] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/pages/feedbackcontact.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 37 / 100 ]-[05:11:28] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Pages/privacy-policy.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 38 / 100 ]-[05:11:32] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/Pages/FeedbackContact2.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 39 / 100 ]-[05:11:36] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/privatizationprogram.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 40 / 100 ]-[05:11:40] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/DEFINITIONS.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 41 / 100 ]-[05:11:45] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/ContactUs.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 42 / 100 ]-[05:11:49] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table3.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 43 / 100 ]-[05:11:54] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/DEFINITIONS.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 44 / 100 ]-[05:11:58] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 45 / 100 ]-[05:12:02] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/servicesandcapacities.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 46 / 100 ]-[05:12:07] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/OpenData/Pages/OpenDataLibrary.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 47 / 100 ]-[05:12:11] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/vesselsearch.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 48 / 100 ]-[05:12:15] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/boardofdirectors.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 49 / 100 ]-[05:12:19] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/orgstruct.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 50 / 100 ]-[05:12:24] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/emp.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 51 / 100 ]-[05:12:28] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/invoices.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 52 / 100 ]-[05:12:32] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Pages/Vacancies.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 53 / 100 ]-[05:12:36] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/introduction.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 54 / 100 ]-[05:12:41] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/pages/forgetpassword.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 55 / 100 ]-[05:12:45] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table5.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 56 / 100 ]-[05:12:49] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/vpn.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 57 / 100 ]-[05:12:53] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/sickleave.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 58 / 100 ]-[05:12:58] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/Pages/login.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 59 / 100 ]-[05:13:02] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/DefinitionOfTerms.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 60 / 100 ]-[05:13:06] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 61 / 100 ]-[05:13:11] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 62 / 100 ]-[05:13:15] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/OpenData/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 63 / 100 ]-[05:13:19] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/mediacenter/pages/aboutopendata.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 64 / 100 ]-[05:13:23] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 65 / 100 ]-[05:13:28] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/VacationRequest.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 66 / 100 ]-[05:13:32] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/jobpeformrequst.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 67 / 100 ]-[05:13:36] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/FeedbackContact2.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 68 / 100 ]-[05:13:41] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/SAPorts/Pages/default.aspx ]
2430|_[ + ] Exploit::
2431|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
2432|_[ + ] More details:: / - / , ISP:
2433|_[ + ] Found:: UNIDENTIFIED
2434
2435 _[ - ]::--------------------------------------------------------------------------------------------------------------
2436|_[ + ] [ 69 / 100 ]-[05:13:45] [ - ]
2437|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/Pages/Rules.aspx ]
2438|_[ + ] Exploit::
2439|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
2440|_[ + ] More details:: / - / , ISP:
2441|_[ + ] Found:: UNIDENTIFIED
2442
 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 70 / 100 ]-[05:13:49] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/fin.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 71 / 100 ]-[05:13:53] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/rent.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 72 / 100 ]-[05:13:58] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 73 / 100 ]-[05:14:02] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/Pages/OpenDataPolicy.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 74 / 100 ]-[05:14:06] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 75 / 100 ]-[05:14:11] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/eca.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 76 / 100 ]-[05:14:15] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/Pages/login.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 77 / 100 ]-[05:14:19] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 78 / 100 ]-[05:14:23] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/pages/aboutopendata.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 79 / 100 ]-[05:14:27] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Employees/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 80 / 100 ]-[05:14:33] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/SAPorts/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 81 / 100 ]-[05:14:37] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/invoices.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 82 / 100 ]-[05:14:41] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/pages/registernewuser.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 83 / 100 ]-[05:14:45] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/Applicationandreducethecriteria.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 84 / 100 ]-[05:14:49] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 85 / 100 ]-[05:14:53] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsProcedures/Pages/Procedures.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 86 / 100 ]-[05:14:57] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/pages/regulationofmarineagents.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 87 / 100 ]-[05:15:01] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Aboutus/Pages/survey.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 88 / 100 ]-[05:15:06] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/rent.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 89 / 100 ]-[05:15:10] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/EServices/Pages/Vacancies.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 90 / 100 ]-[05:15:14] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/pages/registernewuser.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 91 / 100 ]-[05:15:18] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/pages/definitionofterms.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 92 / 100 ]-[05:15:22] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 93 / 100 ]-[05:15:27] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/pages/forgetpassword.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 94 / 100 ]-[05:15:31] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/mediacenter/pages/releases.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 95 / 100 ]-[05:15:37] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/EServices/Biddings/Pages/BiddingsListResult.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 96 / 100 ]-[05:15:42] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/NewsCenter/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 97 / 100 ]-[05:15:47] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/SAPorts/Jbeilt/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 98 / 100 ]-[05:15:51] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/SAPorts/Jbeilt/Pages/default.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 99 / 100 ]-[05:15:56] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Biddings/Pages/BidingsAnnouncement.aspx ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [11-08-2019 05:15:56]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/shabakah.com.sa/output/inurlbr-shabakah.com.sa ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 05:16 EDT
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 05:16
Completed NSE at 05:16, 0.00s elapsed
Initiating NSE at 05:16
Completed NSE at 05:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 05:16
Completed Parallel DNS resolution of 1 host. at 05:16, 0.03s elapsed
Initiating SYN Stealth Scan at 05:16
Scanning shabakah.com.sa (212.102.11.2) [1 port]
Completed SYN Stealth Scan at 05:16, 0.54s elapsed (1 total ports)
Initiating Service scan at 05:16
Initiating OS detection (try #1) against shabakah.com.sa (212.102.11.2)
Retrying OS detection (try #2) against shabakah.com.sa (212.102.11.2)
Initiating Traceroute at 05:16
Completed Traceroute at 05:16, 3.46s elapsed
Initiating Parallel DNS resolution of 18 hosts. at 05:16
Completed Parallel DNS resolution of 18 hosts. at 05:16, 0.45s elapsed
NSE: Script scanning 212.102.11.2.
Initiating NSE at 05:16
Completed NSE at 05:16, 0.50s elapsed
Initiating NSE at 05:16
Completed NSE at 05:16, 0.00s elapsed
Nmap scan report for shabakah.com.sa (212.102.11.2)
Host is up (0.084s latency).
rDNS record for 212.102.11.2: ruh-firewall.shabakah.net.sa

PORT STATE SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details
Network Distance: 20 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 211.00 ms 10.248.200.1
2 211.38 ms 185.242.4.145
3 211.20 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
4 212.04 ms ix-xe-4-1-3-0.tcore2.tv2-tokyo.as6453.net (180.87.181.169)
5 469.62 ms if-ae-2-2.tcore1.tv2-tokyo.as6453.net (180.87.180.1)
6 216.64 ms if-et-21-2.hcore1.kv8-chiba.as6453.net (120.29.217.67)
7 465.47 ms if-ae-5-2.tcore2.sv1-santa-clara.as6453.net (209.58.86.142)
8 463.58 ms if-ae-38-2.tcore1.sqn-san-jose.as6453.net (63.243.205.74)
9 458.31 ms if-ae-12-2.tcore1.nto-new-york.as6453.net (63.243.128.28)
10 459.95 ms if-ae-7-2.tcore1.n0v-new-york.as6453.net (63.243.128.26)
11 463.29 ms if-ae-2-2.tcore2.n0v-new-york.as6453.net (216.6.90.22)
12 463.84 ms if-ae-4-2.tcore2.l78-london.as6453.net (80.231.131.157)
13 455.78 ms if-ae-9-2.tcore2.wyn-marseille.as6453.net (80.231.200.13)
14 515.83 ms 80.231.200.146
15 509.64 ms 87.101.255.133
16 ... 17
18 524.14 ms 87.101.184.50
19 522.39 ms ofw.shabakah.net.sa (212.102.0.66)
20 523.29 ms ruh-firewall.shabakah.net.sa (212.102.11.2)

NSE: Script Post-scanning.
Initiating NSE at 05:16
Completed NSE at 05:16, 0.00s elapsed
Initiating NSE at 05:16
Completed NSE at 05:16, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
########################################################################################################################################
https://shabakah.com.sa [302 Found] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/Pages/VariationRoot.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
https://shabakah.com.sa/Pages/VariationRoot.aspx [302 Found] ASP_NET[4.0.30319], Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/en-us], Title[Object moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
https://shabakah.com.sa/en-us [302 Found] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], Microsoft-Sharepoint[DENY], RedirectLocation[https://shabakah.com.sa/en-us/Pages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net]
https://shabakah.com.sa/en-us/Pages/default.aspx [200 OK] ASP_NET[4.0.30319], Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.2], JQuery, MetaGenerator[Microsoft SharePoint], Microsoft-Sharepoint[DENY], Modernizr[custom-v2.7.1.min], PasswordField[ctl00$ctl48], Script[text/javascript], Title[Home][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN, DENY], X-Powered-By[Shabakah Net], X-UA-Compatible[IE=10]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning https://shabakah.com.sa...
___________________________________ SITE INFO ____________________________________
IP Title
212.102.11.2 Home

____________________________________ VERSION _____________________________________
Name Versions Type
SharePoint CMS
ASP.NET 4.0.30319 Platform
Apache Platform

__________________________________ INTERESTING ___________________________________
URL Note Type
/_layouts/create.aspx Sharepoint Create Page Interesting

_____________________________________ TOOLS ______________________________________
Name Link Software
sparty https://github.com/alias1/sparty SharePoint
spscan https://github.com/toddsiegel/spscan SharePoint
Sharepoint URL Brute http://www.bishopfox.com/download/414/ SharePoint

__________________________________________________________________________________
Time: 6.6 sec Urls: 196 Fingerprints: 40401
########################################################################################################################################
HTTP/1.1 302 Redirect
Date: Sun, 11 Aug 2019 09:00:16 GMT
Server: Apache
Content-Length: 170
Content-Type: text/html; charset=UTF-8
Location: https://shabakah.com.sa/Pages/VariationRoot.aspx
X-SharePointHealthScore: 0
SPRequestGuid: 5021f99e-6f0f-90c0-76f3-14237884b655
request-id: 5021f99e-6f0f-90c0-76f3-14237884b655
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 19
SPIisLatency: 1
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 302 Redirect
Date: Sun, 11 Aug 2019 09:00:19 GMT
Server: Apache
Content-Length: 170
Content-Type: text/html; charset=UTF-8
Location: https://shabakah.com.sa/Pages/VariationRoot.aspx
X-SharePointHealthScore: 0
SPRequestGuid: 5021f99e-7fb3-90c0-76f3-11e82d164dc6
request-id: 5021f99e-7fb3-90c0-76f3-11e82d164dc6
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 15
SPIisLatency: 1
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 302 Found
Date: Sun, 11 Aug 2019 09:00:19 GMT
Server: Apache
Cache-Control: private, max-age=0
Content-Length: 145
Content-Type: text/html; charset=utf-8
Expires: Sat, 27 Jul 2019 09:00:20 GMT
Last-Modified: Sun, 11 Aug 2019 09:00:20 GMT
Location: https://shabakah.com.sa/en-us
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: 5021f99e-afd5-90c0-76f3-18fd099dde6f
request-id: 5021f99e-afd5-90c0-76f3-18fd099dde6f
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 100
SPIisLatency: 0
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 302 Redirect
Date: Sun, 11 Aug 2019 09:00:20 GMT
Server: Apache
Content-Length: 170
Content-Type: text/html; charset=UTF-8
Location: https://shabakah.com.sa/en-us/Pages/default.aspx
X-SharePointHealthScore: 0
SPRequestGuid: 5021f99e-bffc-90c0-76f3-1cd3a5f2a131
request-id: 5021f99e-bffc-90c0-76f3-1cd3a5f2a131
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 12
SPIisLatency: 1
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY

HTTP/1.1 200 OK
Date: Sun, 11 Aug 2019 09:00:21 GMT
Server: Apache
Cache-Control: private, max-age=0
Content-Length: 91644
Content-Type: text/html; charset=utf-8
Expires: Sat, 27 Jul 2019 09:00:21 GMT
Last-Modified: Sun, 11 Aug 2019 09:00:21 GMT
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: 5121f99e-ef1d-90c0-76f3-16e57e6094e8
request-id: 5121f99e-ef1d-90c0-76f3-16e57e6094e8
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 420
SPIisLatency: 0
X-Powered-By: Shabakah Net
MicrosoftSharePointTeamServices: DENY
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-FRAME-OPTIONS: DENY
#########################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 212.102.11.2

Testing SSL server shabakah.com.sa on port 443 using SNI name shabakah.com.sa

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.shabakah.com.sa
Altnames: DNS:*.shabakah.com.sa, DNS:mail.shabakah.com.sa, DNS:autodiscover.shabakah.com.sa, DNS:shabakah.com.sa
Issuer: DigiCert SHA2 Secure Server CA

Not valid before: Apr 11 00:00:00 2019 GMT
Not valid after: Jun 2 12:00:00 2021 GMT
########################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [11-08-2019 05:19:51]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/shabakah.com.sa/output/inurlbr-shabakah.com.sa ]
[ INFO ][ DORK ]::[ site:shabakah.com.sa ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.cu ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.cat ID: 007843865286850066037:b0heuatvay8 ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 100 ]-[05:20:24] [ - ]
|_[ + ] Target:: [ https://www.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: Shabakah Net, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 100 ]-[05:20:27] [ - ]
|_[ + ] Target:: [ https://prtg.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Moved Temporarily, Server: Apache , IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 100 ]-[05:20:31] [ - ]
|_[ + ] Target:: [ https://muqeem.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 100 ]-[05:20:36] [ - ]
|_[ + ] Target:: [ https://tamm.shabakah.com.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 100 ]-[05:20:38] [ - ]
|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 100 ]-[05:20:42] [ - ]
|_[ + ] Target:: [ https://prtg.shabakah.com.sa/home ]
3025|_[ + ] Exploit::
3026|_[ + ] Information Server:: HTTP/1.1 302 Moved Temporarily, Server: Apache , IP:212.102.11.2:443
3027|_[ + ] More details:: / - / , ISP:
3028|_[ + ] Found:: UNIDENTIFIED
3029
3030 _[ - ]::--------------------------------------------------------------------------------------------------------------
3031|_[ + ] [ 6 / 100 ]-[05:20:46] [ - ]
3032|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/Conditions.aspx ]
3033|_[ + ] Exploit::
3034|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3035|_[ + ] More details:: / - / , ISP:
3036|_[ + ] Found:: UNIDENTIFIED
3037
3038 _[ - ]::--------------------------------------------------------------------------------------------------------------
3039|_[ + ] [ 7 / 100 ]-[05:20:50] [ - ]
3040|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/default.aspx ]
3041|_[ + ] Exploit::
3042|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3043|_[ + ] More details:: / - / , ISP:
3044|_[ + ] Found:: UNIDENTIFIED
3045
3046 _[ - ]::--------------------------------------------------------------------------------------------------------------
3047|_[ + ] [ 8 / 100 ]-[05:20:55] [ - ]
3048|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/default.aspx ]
3049|_[ + ] Exploit::
3050|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3051|_[ + ] More details:: / - / , ISP:
3052|_[ + ] Found:: UNIDENTIFIED
3053
3054 _[ - ]::--------------------------------------------------------------------------------------------------------------
3055|_[ + ] [ 9 / 100 ]-[05:21:00] [ - ]
3056|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/sitemap.aspx ]
3057|_[ + ] Exploit::
3058|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3059|_[ + ] More details:: / - / , ISP:
3060|_[ + ] Found:: UNIDENTIFIED
3061
3062 _[ - ]::--------------------------------------------------------------------------------------------------------------
3063|_[ + ] [ 10 / 100 ]-[05:21:04] [ - ]
3064|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/videosarchive.aspx ]
3065|_[ + ] Exploit::
3066|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3067|_[ + ] More details:: / - / , ISP:
3068|_[ + ] Found:: UNIDENTIFIED
3069
3070 _[ - ]::--------------------------------------------------------------------------------------------------------------
3071|_[ + ] [ 11 / 100 ]-[05:21:08] [ - ]
3072|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/pages/conditions.aspx ]
3073|_[ + ] Exploit::
3074|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3075|_[ + ] More details:: / - / , ISP:
3076|_[ + ] Found:: UNIDENTIFIED
3077
3078 _[ - ]::--------------------------------------------------------------------------------------------------------------
3079|_[ + ] [ 12 / 100 ]-[05:21:12] [ - ]
3080|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/pages/sitemap.aspx ]
3081|_[ + ] Exploit::
3082|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3083|_[ + ] More details:: / - / , ISP:
3084|_[ + ] Found:: UNIDENTIFIED
3085
3086 _[ - ]::--------------------------------------------------------------------------------------------------------------
3087|_[ + ] [ 13 / 100 ]-[05:21:17] [ - ]
3088|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/VideosArchive.aspx ]
3089|_[ + ] Exploit::
3090|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3091|_[ + ] More details:: / - / , ISP:
3092|_[ + ] Found:: UNIDENTIFIED
3093
3094 _[ - ]::--------------------------------------------------------------------------------------------------------------
3095|_[ + ] [ 14 / 100 ]-[05:21:20] [ - ]
3096|_[ + ] Target:: [ https://www.shabakah.com.sa/ar-sa/Industries ]
3097|_[ + ] Exploit::
3098|_[ + ] Information Server:: HTTP/1.1 302 Redirect, Server: Apache X-Powered-By: Shabakah Net, IP:212.102.11.2:443
3099|_[ + ] More details:: / - / , ISP:
3100|_[ + ] Found:: UNIDENTIFIED
3101
3102 _[ - ]::--------------------------------------------------------------------------------------------------------------
3103|_[ + ] [ 15 / 100 ]-[05:21:25] [ - ]
3104|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/mandaterequest.aspx ]
3105|_[ + ] Exploit::
3106|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3107|_[ + ] More details:: / - / , ISP:
3108|_[ + ] Found:: UNIDENTIFIED
3109
3110 _[ - ]::--------------------------------------------------------------------------------------------------------------
3111|_[ + ] [ 16 / 100 ]-[05:21:29] [ - ]
3112|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table4.aspx ]
3113|_[ + ] Exploit::
3114|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3115|_[ + ] More details:: / - / , ISP:
3116|_[ + ] Found:: UNIDENTIFIED
3117
3118 _[ - ]::--------------------------------------------------------------------------------------------------------------
3119|_[ + ] [ 17 / 100 ]-[05:21:33] [ - ]
3120|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table1.aspx ]
3121|_[ + ] Exploit::
3122|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3123|_[ + ] More details:: / - / , ISP:
3124|_[ + ] Found:: UNIDENTIFIED
3125
3126 _[ - ]::--------------------------------------------------------------------------------------------------------------
3127|_[ + ] [ 18 / 100 ]-[05:21:38] [ - ]
3128|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table4.aspx ]
3129|_[ + ] Exploit::
3130|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3131|_[ + ] More details:: / - / , ISP:
3132|_[ + ] Found:: UNIDENTIFIED
3133
3134 _[ - ]::--------------------------------------------------------------------------------------------------------------
3135|_[ + ] [ 19 / 100 ]-[05:21:42] [ - ]
3136|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/Applicationandreducethecriteria.aspx ]
3137|_[ + ] Exploit::
3138|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3139|_[ + ] More details:: / - / , ISP:
3140|_[ + ] Found:: UNIDENTIFIED
3141
3142 _[ - ]::--------------------------------------------------------------------------------------------------------------
3143|_[ + ] [ 20 / 100 ]-[05:21:46] [ - ]
3144|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/pages/table1.aspx ]
3145|_[ + ] Exploit::
3146|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3147|_[ + ] More details:: / - / , ISP:
3148|_[ + ] Found:: UNIDENTIFIED
3149
3150 _[ - ]::--------------------------------------------------------------------------------------------------------------
3151|_[ + ] [ 21 / 100 ]-[05:21:50] [ - ]
3152|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Aboutus/Pages/CustomsDetection.aspx ]
3153|_[ + ] Exploit::
3154|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3155|_[ + ] More details:: / - / , ISP:
3156|_[ + ] Found:: UNIDENTIFIED
3157
3158 _[ - ]::--------------------------------------------------------------------------------------------------------------
3159|_[ + ] [ 22 / 100 ]-[05:21:55] [ - ]
3160|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/vision.aspx ]
3161|_[ + ] Exploit::
3162|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3163|_[ + ] More details:: / - / , ISP:
3164|_[ + ] Found:: UNIDENTIFIED
3165
3166 _[ - ]::--------------------------------------------------------------------------------------------------------------
3167|_[ + ] [ 23 / 100 ]-[05:21:59] [ - ]
3168|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/servicesandcapacities.aspx ]
3169|_[ + ] Exploit::
3170|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3171|_[ + ] More details:: / - / , ISP:
3172|_[ + ] Found:: UNIDENTIFIED
3173
3174 _[ - ]::--------------------------------------------------------------------------------------------------------------
3175|_[ + ] [ 24 / 100 ]-[05:22:03] [ - ]
3176|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table2.aspx ]
3177|_[ + ] Exploit::
3178|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3179|_[ + ] More details:: / - / , ISP:
3180|_[ + ] Found:: UNIDENTIFIED
3181
3182 _[ - ]::--------------------------------------------------------------------------------------------------------------
3183|_[ + ] [ 25 / 100 ]-[05:22:07] [ - ]
3184|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/introduction.aspx ]
3185|_[ + ] Exploit::
3186|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3187|_[ + ] More details:: / - / , ISP:
3188|_[ + ] Found:: UNIDENTIFIED
3189
3190 _[ - ]::--------------------------------------------------------------------------------------------------------------
3191|_[ + ] [ 26 / 100 ]-[05:22:12] [ - ]
3192|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/mediacenter/pages/regulationofmarineagents.aspx ]
3193|_[ + ] Exploit::
3194|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3195|_[ + ] More details:: / - / , ISP:
3196|_[ + ] Found:: UNIDENTIFIED
3197
3198 _[ - ]::--------------------------------------------------------------------------------------------------------------
3199|_[ + ] [ 27 / 100 ]-[05:22:16] [ - ]
3200|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table3.aspx ]
3201|_[ + ] Exploit::
3202|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3203|_[ + ] More details:: / - / , ISP:
3204|_[ + ] Found:: UNIDENTIFIED
3205
3206 _[ - ]::--------------------------------------------------------------------------------------------------------------
3207|_[ + ] [ 28 / 100 ]-[05:22:20] [ - ]
3208|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/contactus/pages/feedbackcontact.aspx ]
3209|_[ + ] Exploit::
3210|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3211|_[ + ] More details:: / - / , ISP:
3212|_[ + ] Found:: UNIDENTIFIED
3213
3214 _[ - ]::--------------------------------------------------------------------------------------------------------------
3215|_[ + ] [ 29 / 100 ]-[05:22:24] [ - ]
3216|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/privatizationprogram.aspx ]
3217|_[ + ] Exploit::
3218|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3219|_[ + ] More details:: / - / , ISP:
3220|_[ + ] Found:: UNIDENTIFIED
3221
3222 _[ - ]::--------------------------------------------------------------------------------------------------------------
3223|_[ + ] [ 30 / 100 ]-[05:22:28] [ - ]
3224|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/Pages/ContactUs.aspx ]
3225|_[ + ] Exploit::
3226|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3227|_[ + ] More details:: / - / , ISP:
3228|_[ + ] Found:: UNIDENTIFIED
3229
3230 _[ - ]::--------------------------------------------------------------------------------------------------------------
3231|_[ + ] [ 31 / 100 ]-[05:22:33] [ - ]
3232|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/vision.aspx ]
3233|_[ + ] Exploit::
3234|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3235|_[ + ] More details:: / - / , ISP:
3236|_[ + ] Found:: UNIDENTIFIED
3237
3238 _[ - ]::--------------------------------------------------------------------------------------------------------------
3239|_[ + ] [ 32 / 100 ]-[05:22:37] [ - ]
3240|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/portstariffs/pages/table5.aspx ]
3241|_[ + ] Exploit::
3242|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3243|_[ + ] More details:: / - / , ISP:
3244|_[ + ] Found:: UNIDENTIFIED
3245
3246 _[ - ]::--------------------------------------------------------------------------------------------------------------
3247|_[ + ] [ 33 / 100 ]-[05:22:42] [ - ]
3248|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/vesselsearch.aspx ]
3249|_[ + ] Exploit::
3250|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3251|_[ + ] More details:: / - / , ISP:
3252|_[ + ] Found:: UNIDENTIFIED
3253
3254 _[ - ]::--------------------------------------------------------------------------------------------------------------
3255|_[ + ] [ 34 / 100 ]-[05:22:46] [ - ]
3256|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Pages/privacy-policy.aspx ]
3257|_[ + ] Exploit::
3258|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3259|_[ + ] More details:: / - / , ISP:
3260|_[ + ] Found:: UNIDENTIFIED
3261
3262 _[ - ]::--------------------------------------------------------------------------------------------------------------
3263|_[ + ] [ 35 / 100 ]-[05:22:50] [ - ]
3264|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table2.aspx ]
3265|_[ + ] Exploit::
3266|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3267|_[ + ] More details:: / - / , ISP:
3268|_[ + ] Found:: UNIDENTIFIED
3269
3270 _[ - ]::--------------------------------------------------------------------------------------------------------------
3271|_[ + ] [ 36 / 100 ]-[05:22:54] [ - ]
3272|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/pages/feedbackcontact.aspx ]
3273|_[ + ] Exploit::
3274|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3275|_[ + ] More details:: / - / , ISP:
3276|_[ + ] Found:: UNIDENTIFIED
3277
3278 _[ - ]::--------------------------------------------------------------------------------------------------------------
3279|_[ + ] [ 37 / 100 ]-[05:23:03] [ - ]
3280|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Pages/privacy-policy.aspx ]
3281|_[ + ] Exploit::
3282|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3283|_[ + ] More details:: / - / , ISP:
3284|_[ + ] Found:: UNIDENTIFIED
3285
3286 _[ - ]::--------------------------------------------------------------------------------------------------------------
3287|_[ + ] [ 38 / 100 ]-[05:23:07] [ - ]
3288|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/Pages/FeedbackContact2.aspx ]
3289|_[ + ] Exploit::
3290|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3291|_[ + ] More details:: / - / , ISP:
3292|_[ + ] Found:: UNIDENTIFIED
3293
3294 _[ - ]::--------------------------------------------------------------------------------------------------------------
3295|_[ + ] [ 39 / 100 ]-[05:23:11] [ - ]
3296|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/privatizationprogram.aspx ]
3297|_[ + ] Exploit::
3298|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3299|_[ + ] More details:: / - / , ISP:
3300|_[ + ] Found:: UNIDENTIFIED
3301
3302 _[ - ]::--------------------------------------------------------------------------------------------------------------
3303|_[ + ] [ 40 / 100 ]-[05:23:15] [ - ]
3304|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/DEFINITIONS.aspx ]
3305|_[ + ] Exploit::
3306|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3307|_[ + ] More details:: / - / , ISP:
3308|_[ + ] Found:: UNIDENTIFIED
3309
3310 _[ - ]::--------------------------------------------------------------------------------------------------------------
3311|_[ + ] [ 41 / 100 ]-[05:23:20] [ - ]
3312|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/ContactUs.aspx ]
3313|_[ + ] Exploit::
3314|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3315|_[ + ] More details:: / - / , ISP:
3316|_[ + ] Found:: UNIDENTIFIED
3317
3318 _[ - ]::--------------------------------------------------------------------------------------------------------------
3319|_[ + ] [ 42 / 100 ]-[05:23:24] [ - ]
3320|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/table3.aspx ]
3321|_[ + ] Exploit::
3322|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3323|_[ + ] More details:: / - / , ISP:
3324|_[ + ] Found:: UNIDENTIFIED
3325
3326 _[ - ]::--------------------------------------------------------------------------------------------------------------
3327|_[ + ] [ 43 / 100 ]-[05:23:28] [ - ]
3328|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsTariffs/Pages/DEFINITIONS.aspx ]
3329|_[ + ] Exploit::
3330|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3331|_[ + ] More details:: / - / , ISP:
3332|_[ + ] Found:: UNIDENTIFIED
3333
3334 _[ - ]::--------------------------------------------------------------------------------------------------------------
3335|_[ + ] [ 44 / 100 ]-[05:23:32] [ - ]
3336|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/Pages/default.aspx ]
3337|_[ + ] Exploit::
3338|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3339|_[ + ] More details:: / - / , ISP:
3340|_[ + ] Found:: UNIDENTIFIED
3341
3342 _[ - ]::--------------------------------------------------------------------------------------------------------------
3343|_[ + ] [ 45 / 100 ]-[05:23:38] [ - ]
3344|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/aboutus/pages/servicesandcapacities.aspx ]
3345|_[ + ] Exploit::
3346|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3347|_[ + ] More details:: / - / , ISP:
3348|_[ + ] Found:: UNIDENTIFIED
3349
3350 _[ - ]::--------------------------------------------------------------------------------------------------------------
3351|_[ + ] [ 46 / 100 ]-[05:23:42] [ - ]
3352|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/OpenData/Pages/OpenDataLibrary.aspx ]
3353|_[ + ] Exploit::
3354|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3355|_[ + ] More details:: / - / , ISP:
3356|_[ + ] Found:: UNIDENTIFIED
3357
3358 _[ - ]::--------------------------------------------------------------------------------------------------------------
3359|_[ + ] [ 47 / 100 ]-[05:23:47] [ - ]
3360|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/vesselsearch.aspx ]
3361|_[ + ] Exploit::
3362|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3363|_[ + ] More details:: / - / , ISP:
3364|_[ + ] Found:: UNIDENTIFIED
3365
3366 _[ - ]::--------------------------------------------------------------------------------------------------------------
3367|_[ + ] [ 48 / 100 ]-[05:23:51] [ - ]
3368|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/boardofdirectors.aspx ]
3369|_[ + ] Exploit::
3370|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3371|_[ + ] More details:: / - / , ISP:
3372|_[ + ] Found:: UNIDENTIFIED
3373
3374 _[ - ]::--------------------------------------------------------------------------------------------------------------
3375|_[ + ] [ 49 / 100 ]-[05:23:55] [ - ]
3376|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/pages/orgstruct.aspx ]
3377|_[ + ] Exploit::
3378|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3379|_[ + ] More details:: / - / , ISP:
3380|_[ + ] Found:: UNIDENTIFIED
3381
3382 _[ - ]::--------------------------------------------------------------------------------------------------------------
3383|_[ + ] [ 50 / 100 ]-[05:23:59] [ - ]
3384|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/emp.aspx ]
3385|_[ + ] Exploit::
3386|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3387|_[ + ] More details:: / - / , ISP:
3388|_[ + ] Found:: UNIDENTIFIED
3389
3390 _[ - ]::--------------------------------------------------------------------------------------------------------------
3391|_[ + ] [ 51 / 100 ]-[05:24:03] [ - ]
3392|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/invoices.aspx ]
3393|_[ + ] Exploit::
3394|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3395|_[ + ] More details:: / - / , ISP:
3396|_[ + ] Found:: UNIDENTIFIED
3397
3398 _[ - ]::--------------------------------------------------------------------------------------------------------------
3399|_[ + ] [ 52 / 100 ]-[05:24:08] [ - ]
3400|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Pages/Vacancies.aspx ]
3401|_[ + ] Exploit::
3402|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3403|_[ + ] More details:: / - / , ISP:
3404|_[ + ] Found:: UNIDENTIFIED
3405
3406 _[ - ]::--------------------------------------------------------------------------------------------------------------
3407|_[ + ] [ 53 / 100 ]-[05:24:12] [ - ]
3408|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/introduction.aspx ]
3409|_[ + ] Exploit::
3410|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3411|_[ + ] More details:: / - / , ISP:
3412|_[ + ] Found:: UNIDENTIFIED
3413
3414 _[ - ]::--------------------------------------------------------------------------------------------------------------
3415|_[ + ] [ 54 / 100 ]-[05:24:16] [ - ]
3416|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/pages/forgetpassword.aspx ]
3417|_[ + ] Exploit::
3418|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3419|_[ + ] More details:: / - / , ISP:
3420|_[ + ] Found:: UNIDENTIFIED
3421
3422 _[ - ]::--------------------------------------------------------------------------------------------------------------
3423|_[ + ] [ 55 / 100 ]-[05:24:20] [ - ]
3424|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/table5.aspx ]
3425|_[ + ] Exploit::
3426|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3427|_[ + ] More details:: / - / , ISP:
3428|_[ + ] Found:: UNIDENTIFIED
3429
3430 _[ - ]::--------------------------------------------------------------------------------------------------------------
3431|_[ + ] [ 56 / 100 ]-[05:24:24] [ - ]
3432|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/vpn.aspx ]
3433|_[ + ] Exploit::
3434|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3435|_[ + ] More details:: / - / , ISP:
3436|_[ + ] Found:: UNIDENTIFIED
3437
3438 _[ - ]::--------------------------------------------------------------------------------------------------------------
3439|_[ + ] [ 57 / 100 ]-[05:24:29] [ - ]
3440|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/sickleave.aspx ]
3441|_[ + ] Exploit::
3442|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3443|_[ + ] More details:: / - / , ISP:
3444|_[ + ] Found:: UNIDENTIFIED
3445
3446 _[ - ]::--------------------------------------------------------------------------------------------------------------
3447|_[ + ] [ 58 / 100 ]-[05:24:33] [ - ]
3448|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/Pages/login.aspx ]
3449|_[ + ] Exploit::
3450|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3451|_[ + ] More details:: / - / , ISP:
3452|_[ + ] Found:: UNIDENTIFIED
3453
3454 _[ - ]::--------------------------------------------------------------------------------------------------------------
3455|_[ + ] [ 59 / 100 ]-[05:24:37] [ - ]
3456|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/DefinitionOfTerms.aspx ]
3457|_[ + ] Exploit::
3458|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3459|_[ + ] More details:: / - / , ISP:
3460|_[ + ] Found:: UNIDENTIFIED
3461
3462 _[ - ]::--------------------------------------------------------------------------------------------------------------
3463|_[ + ] [ 60 / 100 ]-[05:24:43] [ - ]
3464|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/RulesRegulations/Pages/default.aspx ]
3465|_[ + ] Exploit::
3466|_[ + ] Information Server:: , , IP::0
3467|_[ + ] More details::
3468|_[ + ] Found:: UNIDENTIFIED
3469
3470 _[ - ]::--------------------------------------------------------------------------------------------------------------
3471|_[ + ] [ 61 / 100 ]-[05:24:47] [ - ]
3472|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/ContactUs/pages/default.aspx ]
3473|_[ + ] Exploit::
3474|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3475|_[ + ] More details:: / - / , ISP:
3476|_[ + ] Found:: UNIDENTIFIED
3477
3478 _[ - ]::--------------------------------------------------------------------------------------------------------------
3479|_[ + ] [ 62 / 100 ]-[05:24:51] [ - ]
3480|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/OpenData/Pages/default.aspx ]
3481|_[ + ] Exploit::
3482|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3483|_[ + ] More details:: / - / , ISP:
3484|_[ + ] Found:: UNIDENTIFIED
3485
3486 _[ - ]::--------------------------------------------------------------------------------------------------------------
3487|_[ + ] [ 63 / 100 ]-[05:24:56] [ - ]
3488|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/mediacenter/pages/aboutopendata.aspx ]
3489|_[ + ] Exploit::
3490|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3491|_[ + ] More details:: / - / , ISP:
3492|_[ + ] Found:: UNIDENTIFIED
3493
3494 _[ - ]::--------------------------------------------------------------------------------------------------------------
3495|_[ + ] [ 64 / 100 ]-[05:25:00] [ - ]
3496|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Pages/default.aspx ]
3497|_[ + ] Exploit::
3498|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3499|_[ + ] More details:: / - / , ISP:
3500|_[ + ] Found:: UNIDENTIFIED
3501
3502 _[ - ]::--------------------------------------------------------------------------------------------------------------
3503|_[ + ] [ 65 / 100 ]-[05:25:04] [ - ]
3504|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/VacationRequest.aspx ]
3505|_[ + ] Exploit::
3506|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3507|_[ + ] More details:: / - / , ISP:
3508|_[ + ] Found:: UNIDENTIFIED
3509
3510 _[ - ]::--------------------------------------------------------------------------------------------------------------
3511|_[ + ] [ 66 / 100 ]-[05:25:08] [ - ]
3512|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/jobpeformrequst.aspx ]
3513|_[ + ] Exploit::
3514|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3515|_[ + ] More details:: / - / , ISP:
3516|_[ + ] Found:: UNIDENTIFIED
3517
3518 _[ - ]::--------------------------------------------------------------------------------------------------------------
3519|_[ + ] [ 67 / 100 ]-[05:25:12] [ - ]
3520|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/FeedbackContact2.aspx ]
3521|_[ + ] Exploit::
3522|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3523|_[ + ] More details:: / - / , ISP:
3524|_[ + ] Found:: UNIDENTIFIED
3525
3526 _[ - ]::--------------------------------------------------------------------------------------------------------------
3527|_[ + ] [ 68 / 100 ]-[05:25:17] [ - ]
3528|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/SAPorts/Pages/default.aspx ]
3529|_[ + ] Exploit::
3530|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3531|_[ + ] More details:: / - / , ISP:
3532|_[ + ] Found:: UNIDENTIFIED
3533
3534 _[ - ]::--------------------------------------------------------------------------------------------------------------
3535|_[ + ] [ 69 / 100 ]-[05:25:21] [ - ]
3536|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/Pages/Rules.aspx ]
3537|_[ + ] Exploit::
3538|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3539|_[ + ] More details:: / - / , ISP:
3540|_[ + ] Found:: UNIDENTIFIED
3541
3542 _[ - ]::--------------------------------------------------------------------------------------------------------------
3543|_[ + ] [ 70 / 100 ]-[05:25:25] [ - ]
3544|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Employees/Pages/fin.aspx ]
3545|_[ + ] Exploit::
3546|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3547|_[ + ] More details:: / - / , ISP:
3548|_[ + ] Found:: UNIDENTIFIED
3549
3550 _[ - ]::--------------------------------------------------------------------------------------------------------------
3551|_[ + ] [ 71 / 100 ]-[05:25:29] [ - ]
3552|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/eservices/pages/rent.aspx ]
3553|_[ + ] Exploit::
3554|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3555|_[ + ] More details:: / - / , ISP:
3556|_[ + ] Found:: UNIDENTIFIED
3557
3558 _[ - ]::--------------------------------------------------------------------------------------------------------------
3559|_[ + ] [ 72 / 100 ]-[05:25:33] [ - ]
3560|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Aboutus/Pages/default.aspx ]
3561|_[ + ] Exploit::
3562|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3563|_[ + ] More details:: / - / , ISP:
3564|_[ + ] Found:: UNIDENTIFIED
3565
3566 _[ - ]::--------------------------------------------------------------------------------------------------------------
3567|_[ + ] [ 73 / 100 ]-[05:25:38] [ - ]
3568|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/Pages/OpenDataPolicy.aspx ]
3569|_[ + ] Exploit::
3570|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3571|_[ + ] More details:: / - / , ISP:
3572|_[ + ] Found:: UNIDENTIFIED
3573
3574 _[ - ]::--------------------------------------------------------------------------------------------------------------
3575|_[ + ] [ 74 / 100 ]-[05:25:42] [ - ]
3576|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/PortsTariffs/Pages/default.aspx ]
3577|_[ + ] Exploit::
3578|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3579|_[ + ] More details:: / - / , ISP:
3580|_[ + ] Found:: UNIDENTIFIED
3581
3582 _[ - ]::--------------------------------------------------------------------------------------------------------------
3583|_[ + ] [ 75 / 100 ]-[05:25:46] [ - ]
3584|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/eca.aspx ]
3585|_[ + ] Exploit::
3586|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3587|_[ + ] More details:: / - / , ISP:
3588|_[ + ] Found:: UNIDENTIFIED
3589
3590 _[ - ]::--------------------------------------------------------------------------------------------------------------
3591|_[ + ] [ 76 / 100 ]-[05:25:50] [ - ]
3592|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/Pages/login.aspx ]
3593|_[ + ] Exploit::
3594|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3595|_[ + ] More details:: / - / , ISP:
3596|_[ + ] Found:: UNIDENTIFIED
3597
3598 _[ - ]::--------------------------------------------------------------------------------------------------------------
3599|_[ + ] [ 77 / 100 ]-[05:25:55] [ - ]
3600|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/Pages/default.aspx ]
3601|_[ + ] Exploit::
3602|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3603|_[ + ] More details:: / - / , ISP:
3604|_[ + ] Found:: UNIDENTIFIED
3605
3606 _[ - ]::--------------------------------------------------------------------------------------------------------------
3607|_[ + ] [ 78 / 100 ]-[05:25:59] [ - ]
3608|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/pages/aboutopendata.aspx ]
3609|_[ + ] Exploit::
3610|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3611|_[ + ] More details:: / - / , ISP:
3612|_[ + ] Found:: UNIDENTIFIED
3613
3614 _[ - ]::--------------------------------------------------------------------------------------------------------------
3615|_[ + ] [ 79 / 100 ]-[05:26:03] [ - ]
3616|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/Employees/Pages/default.aspx ]
3617|_[ + ] Exploit::
3618|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3619|_[ + ] More details:: / - / , ISP:
3620|_[ + ] Found:: UNIDENTIFIED
3621
3622 _[ - ]::--------------------------------------------------------------------------------------------------------------
3623|_[ + ] [ 80 / 100 ]-[05:26:07] [ - ]
3624|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/SAPorts/Pages/default.aspx ]
3625|_[ + ] Exploit::
3626|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3627|_[ + ] More details:: / - / , ISP:
3628|_[ + ] Found:: UNIDENTIFIED
3629
3630 _[ - ]::--------------------------------------------------------------------------------------------------------------
3631|_[ + ] [ 81 / 100 ]-[05:26:11] [ - ]
3632|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/invoices.aspx ]
3633|_[ + ] Exploit::
3634|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3635|_[ + ] More details:: / - / , ISP:
3636|_[ + ] Found:: UNIDENTIFIED
3637
3638 _[ - ]::--------------------------------------------------------------------------------------------------------------
3639|_[ + ] [ 82 / 100 ]-[05:26:15] [ - ]
3640|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/pages/registernewuser.aspx ]
3641|_[ + ] Exploit::
3642|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3643|_[ + ] More details:: / - / , ISP:
3644|_[ + ] Found:: UNIDENTIFIED
3645
3646 _[ - ]::--------------------------------------------------------------------------------------------------------------
3647|_[ + ] [ 83 / 100 ]-[05:26:20] [ - ]
3648|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/Applicationandreducethecriteria.aspx ]
3649|_[ + ] Exploit::
3650|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3651|_[ + ] More details:: / - / , ISP:
3652|_[ + ] Found:: UNIDENTIFIED
3653
3654 _[ - ]::--------------------------------------------------------------------------------------------------------------
3655|_[ + ] [ 84 / 100 ]-[05:26:24] [ - ]
3656|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/ContactUs/Pages/default.aspx ]
3657|_[ + ] Exploit::
3658|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3659|_[ + ] More details:: / - / , ISP:
3660|_[ + ] Found:: UNIDENTIFIED
3661
3662 _[ - ]::--------------------------------------------------------------------------------------------------------------
3663|_[ + ] [ 85 / 100 ]-[05:26:28] [ - ]
3664|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/PortsProcedures/Pages/Procedures.aspx ]
3665|_[ + ] Exploit::
3666|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3667|_[ + ] More details:: / - / , ISP:
3668|_[ + ] Found:: UNIDENTIFIED
3669
3670 _[ - ]::--------------------------------------------------------------------------------------------------------------
3671|_[ + ] [ 86 / 100 ]-[05:26:32] [ - ]
3672|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/MediaCenter/pages/regulationofmarineagents.aspx ]
3673|_[ + ] Exploit::
3674|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3675|_[ + ] More details:: / - / , ISP:
3676|_[ + ] Found:: UNIDENTIFIED
3677
3678 _[ - ]::--------------------------------------------------------------------------------------------------------------
3679|_[ + ] [ 87 / 100 ]-[05:26:36] [ - ]
3680|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/Aboutus/Pages/survey.aspx ]
3681|_[ + ] Exploit::
3682|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3683|_[ + ] More details:: / - / , ISP:
3684|_[ + ] Found:: UNIDENTIFIED
3685
3686 _[ - ]::--------------------------------------------------------------------------------------------------------------
3687|_[ + ] [ 88 / 100 ]-[05:26:41] [ - ]
3688|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/pages/rent.aspx ]
3689|_[ + ] Exploit::
3690|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3691|_[ + ] More details:: / - / , ISP:
3692|_[ + ] Found:: UNIDENTIFIED
3693
3694 _[ - ]::--------------------------------------------------------------------------------------------------------------
3695|_[ + ] [ 89 / 100 ]-[05:26:45] [ - ]
3696|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/EServices/Pages/Vacancies.aspx ]
3697|_[ + ] Exploit::
3698|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3699|_[ + ] More details:: / - / , ISP:
3700|_[ + ] Found:: UNIDENTIFIED
3701
3702 _[ - ]::--------------------------------------------------------------------------------------------------------------
3703|_[ + ] [ 90 / 100 ]-[05:26:49] [ - ]
3704|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/authentication/pages/registernewuser.aspx ]
3705|_[ + ] Exploit::
3706|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3707|_[ + ] More details:: / - / , ISP:
3708|_[ + ] Found:: UNIDENTIFIED
3709
3710 _[ - ]::--------------------------------------------------------------------------------------------------------------
3711|_[ + ] [ 91 / 100 ]-[05:26:53] [ - ]
3712|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/pages/definitionofterms.aspx ]
3713|_[ + ] Exploit::
3714|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3715|_[ + ] More details:: / - / , ISP:
3716|_[ + ] Found:: UNIDENTIFIED
3717
3718 _[ - ]::--------------------------------------------------------------------------------------------------------------
3719|_[ + ] [ 92 / 100 ]-[05:26:57] [ - ]
3720|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/RulesRegulations/Pages/default.aspx ]
3721|_[ + ] Exploit::
3722|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3723|_[ + ] More details:: / - / , ISP:
3724|_[ + ] Found:: UNIDENTIFIED
3725
3726 _[ - ]::--------------------------------------------------------------------------------------------------------------
3727|_[ + ] [ 93 / 100 ]-[05:27:02] [ - ]
3728|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/authentication/pages/forgetpassword.aspx ]
3729|_[ + ] Exploit::
3730|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3731|_[ + ] More details:: / - / , ISP:
3732|_[ + ] Found:: UNIDENTIFIED
3733
3734 _[ - ]::--------------------------------------------------------------------------------------------------------------
3735|_[ + ] [ 94 / 100 ]-[05:27:06] [ - ]
3736|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/mediacenter/pages/releases.aspx ]
3737|_[ + ] Exploit::
3738|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3739|_[ + ] More details:: / - / , ISP:
3740|_[ + ] Found:: UNIDENTIFIED
3741
3742 _[ - ]::--------------------------------------------------------------------------------------------------------------
3743|_[ + ] [ 95 / 100 ]-[05:27:12] [ - ]
3744|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/EServices/Biddings/Pages/BiddingsListResult.aspx ]
3745|_[ + ] Exploit::
3746|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3747|_[ + ] More details:: / - / , ISP:
3748|_[ + ] Found:: UNIDENTIFIED
3749
3750 _[ - ]::--------------------------------------------------------------------------------------------------------------
3751|_[ + ] [ 96 / 100 ]-[05:27:18] [ - ]
3752|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/MediaCenter/NewsCenter/Pages/default.aspx ]
3753|_[ + ] Exploit::
3754|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3755|_[ + ] More details:: / - / , ISP:
3756|_[ + ] Found:: UNIDENTIFIED
3757
3758 _[ - ]::--------------------------------------------------------------------------------------------------------------
3759|_[ + ] [ 97 / 100 ]-[05:27:23] [ - ]
3760|_[ + ] Target:: [ http://mawani.shabakah.com.sa/ar-sa/SAPorts/Jbeilt/Pages/default.aspx ]
3761|_[ + ] Exploit::
3762|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3763|_[ + ] More details:: / - / , ISP:
3764|_[ + ] Found:: UNIDENTIFIED
3765
3766 _[ - ]::--------------------------------------------------------------------------------------------------------------
3767|_[ + ] [ 98 / 100 ]-[05:27:27] [ - ]
3768|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/SAPorts/Jbeilt/Pages/default.aspx ]
3769|_[ + ] Exploit::
3770|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3771|_[ + ] More details:: / - / , ISP:
3772|_[ + ] Found:: UNIDENTIFIED
3773
3774 _[ - ]::--------------------------------------------------------------------------------------------------------------
3775|_[ + ] [ 99 / 100 ]-[05:27:33] [ - ]
3776|_[ + ] Target:: [ http://mawani.shabakah.com.sa/en-us/EServices/Biddings/Pages/BidingsAnnouncement.aspx ]
3777|_[ + ] Exploit::
3778|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache X-Powered-By: ASP.NET, IP:212.102.11.2:80
3779|_[ + ] More details:: / - / , ISP:
3780|_[ + ] Found:: UNIDENTIFIED
3781
3782[ INFO ] [ Shutting down ]
3783[ INFO ] [ End of process INURLBR at [11-08-2019 05:27:33]
3784[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
3785[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/shabakah.com.sa/output/inurlbr-shabakah.com.sa ]
3786|_________________________________________________________________________________________
3787
3788\_________________________________________________________________________________________/
3789########################################################################################################################################
3790Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 03:50 EDT
3791Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
3792Host is up (0.52s latency).
3793Not shown: 476 filtered ports, 4 closed ports
3794Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
8008/tcp open  http
3799########################################################################################################################################
3800Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 03:54 EDT
3801Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
3802Host is up (0.21s latency).
3803Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs
3818########################################################################################################################################
3819Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 03:54 EDT
3820NSE: Loaded 162 scripts for scanning.
3821NSE: Script Pre-scanning.
3822Initiating NSE at 03:54
3823Completed NSE at 03:54, 0.00s elapsed
3824Initiating NSE at 03:54
3825Completed NSE at 03:54, 0.00s elapsed
3826Initiating Parallel DNS resolution of 1 host. at 03:54
3827Completed Parallel DNS resolution of 1 host. at 03:54, 0.02s elapsed
3828Initiating SYN Stealth Scan at 03:54
3829Scanning ruh-firewall.shabakah.net.sa (212.102.11.2) [1 port]
3830Completed SYN Stealth Scan at 03:54, 0.56s elapsed (1 total ports)
3831Initiating Service scan at 03:54
3832Initiating OS detection (try #1) against ruh-firewall.shabakah.net.sa (212.102.11.2)
3833Retrying OS detection (try #2) against ruh-firewall.shabakah.net.sa (212.102.11.2)
3834Initiating Traceroute at 03:54
3835Completed Traceroute at 03:54, 3.50s elapsed
3836Initiating Parallel DNS resolution of 18 hosts. at 03:54
3837Completed Parallel DNS resolution of 18 hosts. at 03:54, 0.79s elapsed
3838NSE: Script scanning 212.102.11.2.
3839Initiating NSE at 03:54
3840Completed NSE at 03:54, 0.01s elapsed
3841Initiating NSE at 03:54
3842Completed NSE at 03:54, 0.00s elapsed
3843Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
3844Host is up (0.10s latency).
3845
PORT   STATE    SERVICE VERSION
80/tcp filtered http
3848Too many fingerprints match this host to give specific OS details
3849Network Distance: 20 hops
3850
TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   209.72 ms 10.248.200.1
2   210.29 ms 185.242.4.145
3   209.82 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
4   209.86 ms ix-xe-4-1-3-0.tcore2.tv2-tokyo.as6453.net (180.87.181.169)
5   463.75 ms if-ae-2-2.tcore1.tv2-tokyo.as6453.net (180.87.180.1)
6   211.78 ms if-et-21-2.hcore1.kv8-chiba.as6453.net (120.29.217.67)
7   459.38 ms if-ae-5-2.tcore2.sv1-santa-clara.as6453.net (209.58.86.142)
8   457.55 ms if-ae-38-2.tcore1.sqn-san-jose.as6453.net (63.243.205.74)
9   457.74 ms if-ae-12-2.tcore1.nto-new-york.as6453.net (63.243.128.28)
10  460.81 ms if-ae-7-2.tcore1.n0v-new-york.as6453.net (63.243.128.26)
11  464.10 ms if-ae-2-2.tcore2.n0v-new-york.as6453.net (216.6.90.22)
12  464.57 ms if-ae-4-2.tcore2.l78-london.as6453.net (80.231.131.157)
13  464.17 ms if-ae-9-2.tcore2.wyn-marseille.as6453.net (80.231.200.13)
14  515.74 ms 80.231.200.146
15  512.59 ms 87.101.255.133
16  ... 17
18  526.91 ms 87.101.184.50
19  523.89 ms ofw.shabakah.net.sa (212.102.0.66)
20  523.47 ms ruh-firewall.shabakah.net.sa (212.102.11.2)
3872
3873NSE: Script Post-scanning.
3874Initiating NSE at 03:54
3875Completed NSE at 03:54, 0.00s elapsed
3876Initiating NSE at 03:54
3877Completed NSE at 03:54, 0.00s elapsed
3878Read data files from: /usr/bin/../share/nmap
3879########################################################################################################################################
3880
3881wig - WebApp Information Gatherer
3882
3883
3884Scanning http://212.102.11.2...
3885_____________________ SITE INFO ______________________
IP              Title
212.102.11.2    403 Forbidden
3888
3889______________________ VERSION _______________________
3890Name Versions Type
3891Apache Platform
3892
3893____________________ INTERESTING _____________________
3894URL Note Type
3895/readme.html Readme file Interesting
3896/install.php Installation file Interesting
3897/test.php Test file Interesting
3898
3899______________________________________________________
3900Time: 68.5 sec Urls: 599 Fingerprints: 40401
3901#########################################################################################################################################
3902HTTP/1.1 403 Forbidden
3903Date: Sun, 11 Aug 2019 07:55:45 GMT
3904Server: Apache
3905Content-Type: text/html; charset=iso-8859-1
3906
3907HTTP/1.1 403 Forbidden
3908Date: Sun, 11 Aug 2019 07:55:46 GMT
3909Server: Apache
3910Content-Type: text/html; charset=iso-8859-1
3911########################################################################################################################################
3912Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 03:55 EDT
3913NSE: Loaded 162 scripts for scanning.
3914NSE: Script Pre-scanning.
3915Initiating NSE at 03:55
3916Completed NSE at 03:55, 0.00s elapsed
3917Initiating NSE at 03:55
3918Completed NSE at 03:55, 0.00s elapsed
3919Initiating Parallel DNS resolution of 1 host. at 03:55
3920Completed Parallel DNS resolution of 1 host. at 03:55, 0.03s elapsed
3921Initiating SYN Stealth Scan at 03:55
3922Scanning ruh-firewall.shabakah.net.sa (212.102.11.2) [1 port]
3923Completed SYN Stealth Scan at 03:55, 0.54s elapsed (1 total ports)
3924Initiating Service scan at 03:55
3925Initiating OS detection (try #1) against ruh-firewall.shabakah.net.sa (212.102.11.2)
3926Retrying OS detection (try #2) against ruh-firewall.shabakah.net.sa (212.102.11.2)
3927Initiating Traceroute at 03:55
3928Completed Traceroute at 03:55, 3.47s elapsed
3929Initiating Parallel DNS resolution of 18 hosts. at 03:55
3930Completed Parallel DNS resolution of 18 hosts. at 03:55, 0.45s elapsed
3931NSE: Script scanning 212.102.11.2.
3932Initiating NSE at 03:55
3933Completed NSE at 03:55, 0.01s elapsed
3934Initiating NSE at 03:55
3935Completed NSE at 03:55, 0.00s elapsed
3936Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
3937Host is up (0.087s latency).
3938
PORT    STATE    SERVICE VERSION
443/tcp filtered https
3941Too many fingerprints match this host to give specific OS details
3942Network Distance: 20 hops
3943
TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   209.24 ms 10.248.200.1
2   209.41 ms 185.242.4.145
3   209.28 ms xe-1-0-2-0.bb1.tyo1.jp.m247.com (82.102.29.232)
4   209.30 ms ix-xe-4-1-3-0.tcore2.tv2-tokyo.as6453.net (180.87.181.169)
5   468.05 ms if-ae-2-2.tcore1.tv2-tokyo.as6453.net (180.87.180.1)
6   209.92 ms if-et-21-2.hcore1.kv8-chiba.as6453.net (120.29.217.67)
7   457.31 ms if-ae-5-2.tcore2.sv1-santa-clara.as6453.net (209.58.86.142)
8   456.07 ms if-ae-38-2.tcore1.sqn-san-jose.as6453.net (63.243.205.74)
9   454.75 ms if-ae-12-2.tcore1.nto-new-york.as6453.net (63.243.128.28)
10  458.44 ms if-ae-7-2.tcore1.n0v-new-york.as6453.net (63.243.128.26)
11  465.63 ms if-ae-2-2.tcore2.n0v-new-york.as6453.net (216.6.90.22)
12  465.87 ms if-ae-4-2.tcore2.l78-london.as6453.net (80.231.131.157)
13  457.97 ms if-ae-9-2.tcore2.wyn-marseille.as6453.net (80.231.200.13)
14  516.88 ms 80.231.200.146
15  511.20 ms 87.101.255.133
16  ... 17
18  524.23 ms 87.101.184.50
19  523.19 ms ofw.shabakah.net.sa (212.102.0.66)
20  525.89 ms ruh-firewall.shabakah.net.sa (212.102.11.2)
3965
3966NSE: Script Post-scanning.
3967Initiating NSE at 03:55
3968Completed NSE at 03:55, 0.00s elapsed
3969Initiating NSE at 03:55
3970Completed NSE at 03:55, 0.00s elapsed
3971Read data files from: /usr/bin/../share/nmap
3972########################################################################################################################################
3973Version: 1.11.13-static
3974OpenSSL 1.0.2-chacha (1.0.2g-dev)
3975
3976Connected to 212.102.11.2
3977
3978Testing SSL server 212.102.11.2 on port 443 using SNI name 212.102.11.2
3979
3980 TLS Fallback SCSV:
3981Server supports TLS Fallback SCSV
3982
3983 TLS renegotiation:
3984Secure session renegotiation supported
3985
3986 TLS Compression:
3987Compression disabled
3988
3989 Heartbleed:
3990TLS 1.2 not vulnerable to heartbleed
3991TLS 1.1 not vulnerable to heartbleed
3992TLS 1.0 not vulnerable to heartbleed
3993
3994 Supported Server Cipher(s):
3995Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
3996Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
3997Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
3998Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
3999Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
4000Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
4001Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
4002Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
4003Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
4004Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
4005Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
4006Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
4007Accepted TLSv1.2 256 bits AES256-GCM-SHA384
4008Accepted TLSv1.2 128 bits AES128-GCM-SHA256
4009Accepted TLSv1.2 256 bits AES256-SHA256
4010Accepted TLSv1.2 256 bits AES256-SHA
4011Accepted TLSv1.2 128 bits AES128-SHA256
4012Accepted TLSv1.2 128 bits AES128-SHA
4013Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
4014Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
4015Accepted TLSv1.2 112 bits DES-CBC3-SHA
4016Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
4017Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
4018Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
4019Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
4020Accepted TLSv1.1 256 bits AES256-SHA
4021Accepted TLSv1.1 128 bits AES128-SHA
4022Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
4023Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
4024Accepted TLSv1.1 112 bits DES-CBC3-SHA
4025Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
4026Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
4027Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
4028Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
4029Accepted TLSv1.0 256 bits AES256-SHA
4030Accepted TLSv1.0 128 bits AES128-SHA
4031Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
4032Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
4033Accepted TLSv1.0 112 bits DES-CBC3-SHA
4034
4035 SSL Certificate:
4036Signature Algorithm: sha256WithRSAEncryption
4037RSA Key Strength: 2048
4038
4039Subject: *.nhic.gov.sa
4040Altnames: DNS:*.nhic.gov.sa, DNS:nhic.gov.sa
4041Issuer: DigiCert SHA2 Secure Server CA
4042
4043Not valid before: Sep 25 00:00:00 2018 GMT
4044Not valid after: Oct 4 12:00:00 2019 GMT
4045########################################################################################################################################
4046Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 04:03 EDT
4047NSE: Loaded 45 scripts for scanning.
4048NSE: Script Pre-scanning.
4049Initiating NSE at 04:03
4050Completed NSE at 04:03, 0.00s elapsed
4051Initiating NSE at 04:03
4052Completed NSE at 04:03, 0.00s elapsed
4053Initiating Ping Scan at 04:03
4054Scanning 212.102.11.2 [4 ports]
4055Completed Ping Scan at 04:03, 0.56s elapsed (1 total hosts)
4056Initiating Parallel DNS resolution of 1 host. at 04:03
4057Completed Parallel DNS resolution of 1 host. at 04:03, 0.02s elapsed
4058Initiating SYN Stealth Scan at 04:03
4059Scanning ruh-firewall.shabakah.net.sa (212.102.11.2) [65535 ports]
4060Discovered open port 443/tcp on 212.102.11.2
4061Discovered open port 80/tcp on 212.102.11.2
4062SYN Stealth Scan Timing: About 2.78% done; ETC: 04:22 (0:18:03 remaining)
4063SYN Stealth Scan Timing: About 12.87% done; ETC: 04:11 (0:06:53 remaining)
4064SYN Stealth Scan Timing: About 27.50% done; ETC: 04:09 (0:04:00 remaining)
4065SYN Stealth Scan Timing: About 44.23% done; ETC: 04:08 (0:02:33 remaining)
4066SYN Stealth Scan Timing: About 63.24% done; ETC: 04:07 (0:01:28 remaining)
4067SYN Stealth Scan Timing: About 83.75% done; ETC: 04:07 (0:00:35 remaining)
4068Discovered open port 8008/tcp on 212.102.11.2
4069SYN Stealth Scan Timing: About 64.15% done; ETC: 04:09 (0:01:58 remaining)
4070SYN Stealth Scan Timing: About 73.58% done; ETC: 04:09 (0:01:27 remaining)
4071SYN Stealth Scan Timing: About 85.82% done; ETC: 04:09 (0:00:45 remaining)
4072Completed SYN Stealth Scan at 04:09, 320.48s elapsed (65535 total ports)
4073Initiating Service scan at 04:09
4074Scanning 3 services on ruh-firewall.shabakah.net.sa (212.102.11.2)
4075Completed Service scan at 04:11, 153.16s elapsed (3 services on 1 host)
4076Initiating OS detection (try #1) against ruh-firewall.shabakah.net.sa (212.102.11.2)
4077Retrying OS detection (try #2) against ruh-firewall.shabakah.net.sa (212.102.11.2)
4078Initiating Traceroute at 04:11
4079Completed Traceroute at 04:11, 0.22s elapsed
4080Initiating Parallel DNS resolution of 2 hosts. at 04:11
4081Completed Parallel DNS resolution of 2 hosts. at 04:11, 0.00s elapsed
4082NSE: Script scanning 212.102.11.2.
4083Initiating NSE at 04:11
4084Completed NSE at 04:11, 11.77s elapsed
4085Initiating NSE at 04:11
4086Completed NSE at 04:11, 0.00s elapsed
4087Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
4088Host is up (0.21s latency).
4089Not shown: 65528 filtered ports
PORT     STATE  SERVICE VERSION
25/tcp   closed smtp
80/tcp   open   http    Apache httpd
|_http-server-header: Apache
4094| vulscan: VulDB - https://vuldb.com:
4095| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
4096| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
4097| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
4098| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
4099| [134416] Apache Sanselan 0.97-incubator Loop denial of service
4100| [134415] Apache Sanselan 0.97-incubator Hang denial of service
4101| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
4102| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
4103| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4104| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4105| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
4106| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
4107| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
4108| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
4109| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
4110| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
4111| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
4112| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
4113| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4114| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4115| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
4116| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
4117| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
4118| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
4119| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4120| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4121| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
4122| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
4123| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
4124| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
4125| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
4126| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
4127| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
4128| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
4129| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
4130| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
4131| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
4132| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
4133| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
4134| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
4135| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
4136| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
4137| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
4138| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
4139| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
4140| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
4141| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
4142| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
4143| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
4144| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
4145| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
4146| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
4147| [131859] Apache Hadoop up to 2.9.1 privilege escalation
4148| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
4149| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
4150| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
4151| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
4152| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
4153| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
4154| [130629] Apache Guacamole Cookie Flag weak encryption
4155| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
4156| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
4157| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
4158| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
4159| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
4160| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
4161| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
4162| [130123] Apache Airflow up to 1.8.2 information disclosure
4163| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
4164| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
4165| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
4166| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
4167| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4168| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4169| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4170| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
4171| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
4172| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
4173| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
4174| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
4175| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4176| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
4177| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
4178| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
4179| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
4180| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
4181| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4182| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
4183| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4184| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
4185| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
4186| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
4187| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
4188| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
4189| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
4190| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
4191| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
4192| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
4193| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
4194| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
4195| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
4196| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
4197| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
4198| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
4199| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
4200| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
4201| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
4202| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
4203| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
4204| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
4205| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
4206| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
4207| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
4208| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
4209| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
4210| [127007] Apache Spark Request Code Execution
4211| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
4212| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
4213| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
4214| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
4215| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
4216| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
4217| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
4218| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
4219| [126346] Apache Tomcat Path privilege escalation
4220| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
4221| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
4222| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
4223| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
4224| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
4225| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
4226| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
4227| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
4228| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
4229| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
4230| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
4231| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4232| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
4233| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
4234| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
4235| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
4236| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
4237| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
4238| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
4239| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
4240| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
4241| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
4242| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
4243| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
4244| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
4245| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
4246| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
4247| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
4248| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
4249| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
4250| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
4251| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
4252| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
4253| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
4254| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
4255| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
4256| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
4257| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
4258| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
4259| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
4260| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
4261| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
4262| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
4263| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
4264| [123197] Apache Sentry up to 2.0.0 privilege escalation
4265| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
4266| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
4267| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
4268| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
4269| [122800] Apache Spark 1.3.0 REST API weak authentication
4270| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
4271| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
4272| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
4273| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
4274| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
4275| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
4276| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
4277| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
4278| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
4279| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
4280| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
4281| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
4282| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
4283| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
4284| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
4285| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
4286| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
4287| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
4288| [121354] Apache CouchDB HTTP API Code Execution
4289| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
4290| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
4291| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
4292| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
4293| [120168] Apache CXF weak authentication
4294| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
4295| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
4296| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
4297| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
4298| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
4299| [119306] Apache MXNet Network Interface privilege escalation
4300| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
4301| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
4302| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
4303| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
4304| [118143] Apache NiFi activemq-client Library Deserialization denial of service
4305| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
4306| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
4307| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
4308| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
4309| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
4310| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
4311| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
4312| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
4313| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
4314| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
4315| [117115] Apache Tika up to 1.17 tika-server command injection
4316| [116929] Apache Fineract getReportType Parameter privilege escalation
4317| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
4318| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
4319| [116926] Apache Fineract REST Hand Parameter privilege escalation
4320| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
4321| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
4322| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
4323| [115883] Apache Hive up to 2.3.2 privilege escalation
4324| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
4325| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
4326| [115518] Apache Ignite 2.3 Deserialization privilege escalation
4327| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
4328| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
4329| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
4330| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
4331| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
4332| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
4333| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
4334| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
4335| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
4336| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
4337| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
4338| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
4339| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
4340| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
4341| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
4342| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
4343| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
4344| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
4345| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
4346| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
4347| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
4348| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
4349| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
4350| [113895] Apache Geode up to 1.3.x Code Execution
4351| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
4352| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
4353| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
4354| [113747] Apache Tomcat Servlets privilege escalation
4355| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
4356| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
4357| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
4358| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
4359| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
4360| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4361| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
4362| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4363| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
4364| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
4365| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
4366| [112885] Apache Allura up to 1.8.0 File information disclosure
4367| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
4368| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
4369| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
4370| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
4371| [112625] Apache POI up to 3.16 Loop denial of service
4372| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
4373| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
4374| [112339] Apache NiFi 1.5.0 Header privilege escalation
4375| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
4376| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
4377| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
4378| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
4379| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
4380| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
4381| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
4382| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
4383| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
4384| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
4385| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
4386| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
4387| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
4388| [112114] Oracle 9.1 Apache Log4j privilege escalation
4389| [112113] Oracle 9.1 Apache Log4j privilege escalation
4390| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
4391| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
4392| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
4393| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
4394| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
4395| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
4396| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
4397| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
4398| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
4399| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
4400| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
4401| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
4402| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
4403| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
4404| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
4405| [110701] Apache Fineract Query Parameter sql injection
4406| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
4407| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
4408| [110393] Apple macOS up to 10.13.2 apache information disclosure
4409| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
4410| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
4411| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
4412| [110106] Apache CXF Fediz Spring cross site request forgery
4413| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
4414| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
4415| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
4416| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
4417| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
4418| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
4419| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
4420| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
4421| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
4422| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
4423| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
4424| [108938] Apple macOS up to 10.13.1 apache denial of service
4425| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
4426| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
4427| [108935] Apple macOS up to 10.13.1 apache denial of service
4428| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
4429| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
4430| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
4431| [108931] Apple macOS up to 10.13.1 apache denial of service
4432| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
4433| [108929] Apple macOS up to 10.13.1 apache denial of service
4434| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
4435| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
4436| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
4437| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
4438| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
4439| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
4440| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
4441| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
4442| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
4443| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
4444| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
4445| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
4446| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
4447| [108782] Apache Xerces2 XML Service denial of service
4448| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
4449| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
4450| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
4451| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
4452| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
4453| [108629] Apache OFBiz up to 10.04.01 privilege escalation
4454| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
4455| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
4456| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4457| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
4458| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
4459| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
4460| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
4461| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4462| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
4463| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
4464| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
4465| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
4881| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
4882| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
4883| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
4884| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
4885| [76567] Apache Struts 2.3.20 unknown vulnerability
4886| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
4887| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
4888| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
4889| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
4890| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
4891| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
4892| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
4893| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
4894| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
4895| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
4896| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
4897| [74793] Apache Tomcat File Upload denial of service
4898| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
4899| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
4900| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
4901| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
4902| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
4903| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
4904| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
4905| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
4906| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
4907| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
4908| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
4909| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
4910| [74468] Apache Batik up to 1.6 denial of service
4911| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
4912| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
4913| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
4914| [74174] Apache WSS4J up to 2.0.0 privilege escalation
4915| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
4916| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
4917| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
4918| [73731] Apache XML Security unknown vulnerability
4919| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
4920| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
4921| [73593] Apache Traffic Server up to 5.1.0 denial of service
4922| [73511] Apache POI up to 3.10 Deadlock denial of service
4923| [73510] Apache Solr up to 4.3.0 cross site scripting
4924| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
4925| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
4926| [73173] Apache CloudStack Stack-Based unknown vulnerability
4927| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
4928| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
4929| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
4930| [72890] Apache Qpid 0.30 unknown vulnerability
4931| [72887] Apache Hive 0.13.0 File Permission privilege escalation
4932| [72878] Apache Cordova 3.5.0 cross site request forgery
4933| [72877] Apache Cordova 3.5.0 cross site request forgery
4934| [72876] Apache Cordova 3.5.0 cross site request forgery
4935| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
4936| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
4937| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
4938| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
4939| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4940| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4941| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
4942| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
4943| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
4944| [71629] Apache Axis2/C spoofing
4945| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
4946| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
4947| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
4948| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
4949| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
4950| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
4951| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
4952| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
4953| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
4954| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
4955| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
4956| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
4957| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
4958| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
4959| [70809] Apache POI up to 3.11 Crash denial of service
4960| [70808] Apache POI up to 3.10 unknown vulnerability
4961| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
4962| [70749] Apache Axis up to 1.4 getCN spoofing
4963| [70701] Apache Traffic Server up to 3.3.5 denial of service
4964| [70700] Apache OFBiz up to 12.04.03 cross site scripting
4965| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
4966| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
4967| [70661] Apache Subversion up to 1.6.17 denial of service
4968| [70660] Apache Subversion up to 1.6.17 spoofing
4969| [70659] Apache Subversion up to 1.6.17 spoofing
4970| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
4971| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
4972| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
4973| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
4974| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
4975| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
4976| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
4977| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
4978| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
4979| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
4980| [69846] Apache HBase up to 0.94.8 information disclosure
4981| [69783] Apache CouchDB up to 1.2.0 memory corruption
4982| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
4983| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
4984| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
4985| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
4986| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
4987| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
4988| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
4989| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
4990| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
4991| [69431] Apache Archiva up to 1.3.6 cross site scripting
4992| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
4993| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
4994| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
4995| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
4996| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
4997| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
4998| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
4999| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
5000| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
5001| [66739] Apache Camel up to 2.12.2 unknown vulnerability
5002| [66738] Apache Camel up to 2.12.2 unknown vulnerability
5003| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
5004| [66695] Apache CouchDB up to 1.2.0 cross site scripting
5005| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
5006| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
5007| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
5008| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
5009| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
5010| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
5011| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
5012| [66356] Apache Wicket up to 6.8.0 information disclosure
5013| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
5014| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
5015| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5016| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
5017| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
5018| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5019| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5020| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
5021| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
5022| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
5023| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
5024| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
5025| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
5026| [65668] Apache Solr 4.0.0 Updater denial of service
5027| [65665] Apache Solr up to 4.3.0 denial of service
5028| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
5029| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
5030| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
5031| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
5032| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
5033| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
5034| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
5035| [65410] Apache Struts 2.3.15.3 cross site scripting
5036| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
5037| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
5038| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
5039| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
5040| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
5041| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
5042| [65340] Apache Shindig 2.5.0 information disclosure
5043| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
5044| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
5045| [10826] Apache Struts 2 File privilege escalation
5046| [65204] Apache Camel up to 2.10.1 unknown vulnerability
5047| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
5048| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
5049| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
5050| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
5051| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
5052| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
5053| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
5054| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
5055| [64722] Apache XML Security for C++ Heap-based memory corruption
5056| [64719] Apache XML Security for C++ Heap-based memory corruption
5057| [64718] Apache XML Security for C++ verify denial of service
5058| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
5059| [64716] Apache XML Security for C++ spoofing
5060| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
5061| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
5062| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
5063| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
5064| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
5065| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
5066| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
5067| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
5068| [64485] Apache Struts up to 2.2.3.0 privilege escalation
5069| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
5070| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
5071| [64467] Apache Geronimo 3.0 memory corruption
5072| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
5073| [64457] Apache Struts up to 2.2.3.0 cross site scripting
5074| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
5075| [9184] Apache Qpid up to 0.20 SSL misconfiguration
5076| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
5077| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
5078| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
5079| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
5080| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
5081| [8873] Apache Struts 2.3.14 privilege escalation
5082| [8872] Apache Struts 2.3.14 privilege escalation
5083| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
5084| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
5085| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
5086| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
5087| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
5088| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5089| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5090| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
5091| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
5092| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
5093| [64006] Apache ActiveMQ up to 5.7.0 denial of service
5094| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
5095| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
5096| [8427] Apache Tomcat Session Transaction weak authentication
5097| [63960] Apache Maven 3.0.4 Default Configuration spoofing
5098| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
5099| [63750] Apache qpid up to 0.20 checkAvailable denial of service
5100| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
5101| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
5102| [63747] Apache Rave up to 0.20 User Account information disclosure
5103| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
5104| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
5105| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
5106| [7687] Apache CXF up to 2.7.2 Token weak authentication
5107| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5108| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5109| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
5110| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
5111| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
5112| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
5113| [63090] Apache Tomcat up to 4.1.24 denial of service
5114| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
5115| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
5116| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
5117| [62833] Apache CXF -/2.6.0 spoofing
5118| [62832] Apache Axis2 up to 1.6.2 spoofing
5119| [62831] Apache Axis up to 1.4 Java Message Service spoofing
5120| [62830] Apache Commons-httpclient 3.0 Payments spoofing
5121| [62826] Apache Libcloud up to 0.11.0 spoofing
5122| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
5123| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
5124| [62661] Apache Axis2 unknown vulnerability
5125| [62658] Apache Axis2 unknown vulnerability
5126| [62467] Apache Qpid up to 0.17 denial of service
5127| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
5128| [6301] Apache HTTP Server mod_pagespeed cross site scripting
5129| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
5130| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
5131| [62035] Apache Struts up to 2.3.4 denial of service
5132| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
5133| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
5134| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
5135| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
5136| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
5137| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
5138| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
5139| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
5140| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
5141| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
5142| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
5143| [61229] Apache Sling up to 2.1.1 denial of service
5144| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
5145| [61094] Apache Roller up to 5.0 cross site scripting
5146| [61093] Apache Roller up to 5.0 cross site request forgery
5147| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
5148| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
5149| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
5150| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
5151| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
5152| [60708] Apache Qpid 0.12 unknown vulnerability
5153| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
5154| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
5155| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
5156| [4882] Apache Wicket up to 1.5.4 directory traversal
5157| [4881] Apache Wicket up to 1.4.19 cross site scripting
5158| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
5159| [60352] Apache Struts up to 2.2.3 memory corruption
5160| [60153] Apache Portable Runtime up to 1.4.3 denial of service
5161| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
5162| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
5163| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
5164| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
5165| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
5166| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
5167| [4571] Apache Struts up to 2.3.1.2 privilege escalation
5168| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
5169| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
5170| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
5171| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
5172| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
5173| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
5174| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5175| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
5176| [59888] Apache Tomcat up to 6.0.6 denial of service
5177| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
5178| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
5179| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
5180| [59850] Apache Geronimo up to 2.2.1 denial of service
5181| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
5182| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
5183| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
5184| [58413] Apache Tomcat up to 6.0.10 spoofing
5185| [58381] Apache Wicket up to 1.4.17 cross site scripting
5186| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
5187| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
5188| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
5189| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
5190| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5191| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
5192| [57568] Apache Archiva up to 1.3.4 cross site scripting
5193| [57567] Apache Archiva up to 1.3.4 cross site request forgery
5194| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
5195| [4355] Apache HTTP Server APR apr_fnmatch denial of service
5196| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
5197| [57425] Apache Struts up to 2.2.1.1 cross site scripting
5198| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
5199| [57025] Apache Tomcat up to 7.0.11 information disclosure
5200| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
5201| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
5202| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5203| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
5204| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
5205| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
5206| [56512] Apache Continuum up to 1.4.0 cross site scripting
5207| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
5208| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
5209| [4283] Apache Tomcat 5.x ServletContect privilege escalation
5210| [56441] Apache Tomcat up to 7.0.6 denial of service
5211| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
5212| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
5213| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
5214| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
5215| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
5216| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
5217| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
5218| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
5219| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
5220| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
5221| [54693] Apache Traffic Server DNS Cache unknown vulnerability
5222| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
5223| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
5224| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5225| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5226| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5227| [54012] Apache Tomcat up to 6.0.10 denial of service
5228| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5229| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5230| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5231| [52894] Apache Tomcat up to 6.0.7 information disclosure
5232| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5233| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
| [31663] vbPortal Apache HTTP Server index.php directory traversal
| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
| [30623] Apache James 2.2.0 SMTP Server denial of service
| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
5420| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5421| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
5422| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
5423| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
5424| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
5425| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
5426| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
5427| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
5428| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
5429| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
5430| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
5431| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
5542| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5543| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
5544| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
5545| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
5546| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
5547| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
5548| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
5549| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
5550| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
5551| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
5552| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5553| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
5554| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
5555| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
5556| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
5557| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
5558| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
5559| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
5560| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
5561| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
5562| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
5563| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
5564| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
5565| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
5566| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
5567| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
5568| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
5569| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
5570| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
5571| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
5572| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5573| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5574| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
5575| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
5576| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
5577| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5578| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5579| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5580| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5581| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5582| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5583| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5584| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5585| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5586| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5587| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5588| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5589| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5590| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5591| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5592| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5593| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5594| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5595| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5596| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5597| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5598| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5599| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5600| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5601| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5602| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5603| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5604| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5605| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5606| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5607| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5608| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
5609| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
5610| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
5611| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
5612| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
5613| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
5614| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
5615| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
5616| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
5617| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
5618| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
5619| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
5620| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
5621| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
5622| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
5623| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
5624| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
5625| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
5626| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
5627| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
5628| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
5629| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
5630| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
5631| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
5632| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
5633| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
5634| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
5635| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
5636| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
5637| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
5638| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
5639| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
5640| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
5641| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
5642| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
5643| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
5644| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
5645| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5646| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5647| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
5648| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
5649| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
5650| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
5651| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
5652| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
5653| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
5654| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
5655| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
5656| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
5657| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5658| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5659| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
5660| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5661| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
5662| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5663| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
5664| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
5665| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
5666| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5667| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5668| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5669| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
5670| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
5671| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5672| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
5673| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
5674| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
5675| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5676| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
5677| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
5678| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
5679| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
5680| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
5681| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
5682| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
5683| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
5684| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
5685| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
5686| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
5687| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
5688| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
5689| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
5690| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
5691| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
5692| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
5693| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
5694| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
5695| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5696| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
5697| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
5698| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
5699| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5700| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5701| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5702| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5703| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5704| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5705| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5706| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5707| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5708| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5709| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5710| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5711| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5822| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5823| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5824| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5825| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5826| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5827| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5828| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5829| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5830| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5831| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5832| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5833| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5834| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5835| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5836| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5837| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5838| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5946| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5947| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5948| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5949| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5950| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5951| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5952| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5953| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5954| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5955| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5956| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5957| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5958| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5959| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5960| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5961|
5962| SecurityFocus - https://www.securityfocus.com/bid/:
5963| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5964| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5965| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5966| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5967| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5968| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5969| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5970| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5971| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5972| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5973| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5974| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5975| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5976| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5977| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5978| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5979| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5980| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5981| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5982| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5983| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5984| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5985| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5986| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5987| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5988| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5989| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5990| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5991| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5992| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5993| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5994| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5995| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5996| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5997| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5998| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5999| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
6000| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
6001| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
6002| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
6003| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
6004| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
6005| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
6006| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
6007| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
6008| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
6009| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
6010| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
6011| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
6012| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
6013| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
6014| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
6015| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
6016| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
6017| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
6018| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
6019| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
6020| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
6021| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
6022| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
6023| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
6024| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
6025| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
6026| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
6027| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
6028| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
6029| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
6030| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
6031| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
6032| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
6033| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
6034| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
6035| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
6036| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
6037| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
6038| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
6039| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
6040| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
6041| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
6042| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
6043| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
6044| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
6045| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
6046| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
6047| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
6048| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
6049| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
6050| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
6051| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
6052| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
6053| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
6054| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
6055| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
6056| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
6057| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
6058| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
6059| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
6060| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
6061| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
6062| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
6063| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
6064| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
6065| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
6066| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
6067| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
6068| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
6069| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
6070| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
6071| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
6072| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
6073| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
6074| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
6075| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
6076| [100447] Apache2Triad Multiple Security Vulnerabilities
6077| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
6078| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
6079| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
6080| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
6081| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
6082| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
6083| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
6084| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
6085| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
6086| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
6087| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
6088| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
6089| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
6090| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
6091| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
6092| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
6093| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
6094| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
6095| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
6096| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
6097| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
6098| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
6099| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
6100| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
6101| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
6102| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
6103| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
6104| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
6105| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
6106| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
6107| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
6108| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
6109| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
6110| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
6111| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
6112| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
6113| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
6114| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
6115| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
6116| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
6117| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
6118| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
6119| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
6120| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
6121| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
6122| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
6123| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
6124| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
6125| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
6126| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
6127| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
6128| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
6129| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
6130| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
6131| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
6132| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
6133| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
6134| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
6135| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
6136| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
6137| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
6138| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
6139| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
6140| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6141| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6142| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6143| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6144| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6145| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6146| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6147| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6148| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6149| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6150| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6151| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6152| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6153| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6154| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6155| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6156| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6157| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6158| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6159| [95675] Apache Struts Remote Code Execution Vulnerability
6160| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6161| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6162| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6163| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6164| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6165| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6166| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6167| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6168| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6169| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6170| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6171| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6172| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6173| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6174| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6175| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6176| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6177| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6178| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6179| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6180| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6181| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6182| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6183| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6184| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6185| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6186| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6187| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6188| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6189| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6190| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6191| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6192| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6193| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6194| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6195| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6196| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6197| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6198| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6199| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6200| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6201| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6202| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6203| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6204| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6205| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6206| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6207| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6208| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6209| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6210| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6211| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6212| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6213| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6214| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6215| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6216| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6217| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6218| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6219| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6220| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6221| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6222| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6223| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6224| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6225| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6226| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6227| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6228| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6229| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6230| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6231| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6232| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6233| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6234| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6235| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6236| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
6237| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
6238| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
6239| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
6240| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
6241| [90482] Apache CVE-2004-1387 Local Security Vulnerability
6242| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
6243| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
6244| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
6245| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
6246| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
6247| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
6248| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
6249| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
6250| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
6251| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
6252| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
6253| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
6254| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
6255| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
6256| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
6257| [86399] Apache CVE-2007-1743 Local Security Vulnerability
6258| [86397] Apache CVE-2007-1742 Local Security Vulnerability
6259| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
6260| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
6261| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
6262| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
6263| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
6264| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
6265| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
6266| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
6267| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
6268| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
6269| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
6270| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
6271| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
6272| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
6273| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6700| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6701| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
6702| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
6703| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
6704| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
6705| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
6706| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
6707| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6708| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
6709| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
6710| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6711| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
6712| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
6713| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
6714| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
6715| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
6716| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
6717| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
6718| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6719| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
6720| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
6721| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
6722| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
6723| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
6724| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
6725| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
6726| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
6727| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
6728| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6729| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
6730| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6731| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
6732| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
6733| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
6734| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
6735| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
6736| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6737| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
6738| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
6739| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
6740| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
6741| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
6742| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
6743| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
6744| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
6745| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
6746| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6747| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6748| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6749| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6750| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6751| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6752| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6753| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6754| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6755| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6756| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6757| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6758| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6759| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6760| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6761| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6762| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6763| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6764| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6765| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6766| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6767| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6768| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6769| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6770| [20527] Apache Mod_TCL Remote Format String Vulnerability
6771| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6772| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6773| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6774| [19106] Apache Tomcat Information Disclosure Vulnerability
6775| [18138] Apache James SMTP Denial Of Service Vulnerability
6776| [17342] Apache Struts Multiple Remote Vulnerabilities
6777| [17095] Apache Log4Net Denial Of Service Vulnerability
6778| [16916] Apache mod_python FileSession Code Execution Vulnerability
6779| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6780| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6781| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6782| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6783| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6784| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6785| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6786| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6787| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6788| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6789| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6790| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6791| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6792| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6793| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6794| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6795| [14106] Apache HTTP Request Smuggling Vulnerability
6796| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6797| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6798| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6799| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6800| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6801| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6802| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6803| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6804| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6805| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6806| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6807| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6808| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6809| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6810| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6811| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6812| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6813| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6814| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6815| [11094] Apache mod_ssl Denial Of Service Vulnerability
6816| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6817| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6818| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6819| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6820| [10478] ClueCentral Apache Suexec Patch Security Weakness
6821| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6822| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6823| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6824| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6825| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6826| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6827| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6828| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6829| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6830| [9733] Apache Cygwin Directory Traversal Vulnerability
6831| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6832| [9590] Apache-SSL Client Certificate Forging Vulnerability
6833| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6834| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6835| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6836| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6837| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6838| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6839| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6840| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6841| [8898] Red Hat Apache Directory Index Default Configuration Error
6842| [8883] Apache Cocoon Directory Traversal Vulnerability
6843| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6844| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6845| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6846| [8707] Apache htpasswd Password Entropy Weakness
6847| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6848| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6849| [8226] Apache HTTP Server Multiple Vulnerabilities
6850| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6851| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6852| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6853| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6854| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6855| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6856| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6857| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6858| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6859| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6860| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6861| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6862| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6863| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6864| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6865| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6866| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6867| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6868| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6869| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6870| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6871| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6872| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6873| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6874| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6875| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6876| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6877| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6878| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6879| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6880| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6881| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6882| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6883| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6884| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6885| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6886| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6887| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6888| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6889| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6890| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6891| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6892| [5485] Apache 2.0 Path Disclosure Vulnerability
6893| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6894| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6895| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6896| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6897| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6898| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6899| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6900| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6901| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6902| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6903| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6904| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6905| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6906| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6907| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6908| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6909| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6910| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6911| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6912| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6913| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6914| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6915| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6916| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6917| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6918| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6919| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6920| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6921| [3596] Apache Split-Logfile File Append Vulnerability
6922| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6923| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6924| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6925| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6926| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6927| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6928| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6929| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6930| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6931| [3169] Apache Server Address Disclosure Vulnerability
6932| [3009] Apache Possible Directory Index Disclosure Vulnerability
6933| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6934| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6935| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6936| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6937| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6938| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6939| [2216] Apache Web Server DoS Vulnerability
6940| [2182] Apache /tmp File Race Vulnerability
6941| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6942| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6943| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6944| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6945| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6946| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6947| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6948| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6949| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6950| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6951| [1457] Apache::ASP source.asp Example Script Vulnerability
6952| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6953| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6954|
6955| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6956| [86258] Apache CloudStack text fields cross-site scripting
6957| [85983] Apache Subversion mod_dav_svn module denial of service
6958| [85875] Apache OFBiz UEL code execution
6959| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6960| [85871] Apache HTTP Server mod_session_dbd unspecified
6961| [85756] Apache Struts OGNL expression command execution
6962| [85755] Apache Struts DefaultActionMapper class open redirect
6963| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6964| [85574] Apache HTTP Server mod_dav denial of service
6965| [85573] Apache Struts Showcase App OGNL code execution
6966| [85496] Apache CXF denial of service
6967| [85423] Apache Geronimo RMI classloader code execution
6968| [85326] Apache Santuario XML Security for C++ buffer overflow
6969| [85323] Apache Santuario XML Security for Java spoofing
6970| [85319] Apache Qpid Python client SSL spoofing
6971| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6972| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6973| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6974| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6975| [84952] Apache Tomcat CVE-2012-3544 denial of service
6976| [84763] Apache Struts CVE-2013-2135 security bypass
6977| [84762] Apache Struts CVE-2013-2134 security bypass
6978| [84719] Apache Subversion CVE-2013-2088 command execution
6979| [84718] Apache Subversion CVE-2013-2112 denial of service
6980| [84717] Apache Subversion CVE-2013-1968 denial of service
6981| [84577] Apache Tomcat security bypass
6982| [84576] Apache Tomcat symlink
6983| [84543] Apache Struts CVE-2013-2115 security bypass
6984| [84542] Apache Struts CVE-2013-1966 security bypass
6985| [84154] Apache Tomcat session hijacking
6986| [84144] Apache Tomcat denial of service
6987| [84143] Apache Tomcat information disclosure
6988| [84111] Apache HTTP Server command execution
6989| [84043] Apache Virtual Computing Lab cross-site scripting
6990| [84042] Apache Virtual Computing Lab cross-site scripting
6991| [83782] Apache CloudStack information disclosure
6992| [83781] Apache CloudStack security bypass
6993| [83720] Apache ActiveMQ cross-site scripting
6994| [83719] Apache ActiveMQ denial of service
6995| [83718] Apache ActiveMQ denial of service
6996| [83263] Apache Subversion denial of service
6997| [83262] Apache Subversion denial of service
6998| [83261] Apache Subversion denial of service
6999| [83259] Apache Subversion denial of service
7000| [83035] Apache mod_ruid2 security bypass
7001| [82852] Apache Qpid federation_tag security bypass
7002| [82851] Apache Qpid qpid::framing::Buffer denial of service
7003| [82758] Apache Rave User RPC API information disclosure
7004| [82663] Apache Subversion svn_fs_file_length() denial of service
7005| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
7006| [82641] Apache Qpid AMQP denial of service
7007| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
7008| [82618] Apache Commons FileUpload symlink
7009| [82360] Apache HTTP Server manager interface cross-site scripting
7010| [82359] Apache HTTP Server hostnames cross-site scripting
7011| [82338] Apache Tomcat log/logdir information disclosure
7012| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
7013| [82268] Apache OpenJPA deserialization command execution
7014| [81981] Apache CXF UsernameTokens security bypass
7015| [81980] Apache CXF WS-Security security bypass
7016| [81398] Apache OFBiz cross-site scripting
7017| [81240] Apache CouchDB directory traversal
7018| [81226] Apache CouchDB JSONP code execution
7019| [81225] Apache CouchDB Futon user interface cross-site scripting
7020| [81211] Apache Axis2/C SSL spoofing
7021| [81167] Apache CloudStack DeployVM information disclosure
7022| [81166] Apache CloudStack AddHost API information disclosure
7023| [81165] Apache CloudStack createSSHKeyPair API information disclosure
7024| [80518] Apache Tomcat cross-site request forgery security bypass
7025| [80517] Apache Tomcat FormAuthenticator security bypass
7026| [80516] Apache Tomcat NIO denial of service
7027| [80408] Apache Tomcat replay-countermeasure security bypass
7028| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
7029| [80317] Apache Tomcat slowloris denial of service
7030| [79984] Apache Commons HttpClient SSL spoofing
7031| [79983] Apache CXF SSL spoofing
7032| [79830] Apache Axis2/Java SSL spoofing
7033| [79829] Apache Axis SSL spoofing
7034| [79809] Apache Tomcat DIGEST security bypass
7035| [79806] Apache Tomcat parseHeaders() denial of service
7036| [79540] Apache OFBiz unspecified
7037| [79487] Apache Axis2 SAML security bypass
7038| [79212] Apache Cloudstack code execution
7039| [78734] Apache CXF SOAP Action security bypass
7040| [78730] Apache Qpid broker denial of service
7041| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
7042| [78563] Apache mod_pagespeed module unspecified cross-site scripting
7043| [78562] Apache mod_pagespeed module security bypass
7044| [78454] Apache Axis2 security bypass
7045| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
7046| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
7047| [78321] Apache Wicket unspecified cross-site scripting
7048| [78183] Apache Struts parameters denial of service
7049| [78182] Apache Struts cross-site request forgery
7050| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
7051| [77987] mod_rpaf module for Apache denial of service
7052| [77958] Apache Struts skill name code execution
7053| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
7054| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
7055| [77568] Apache Qpid broker security bypass
7056| [77421] Apache Libcloud spoofing
7057| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
7058| [77046] Oracle Solaris Apache HTTP Server information disclosure
7059| [76837] Apache Hadoop information disclosure
7060| [76802] Apache Sling CopyFrom denial of service
7061| [76692] Apache Hadoop symlink
7062| [76535] Apache Roller console cross-site request forgery
7063| [76534] Apache Roller weblog cross-site scripting
7064| [76152] Apache CXF elements security bypass
7065| [76151] Apache CXF child policies security bypass
7066| [75983] MapServer for Windows Apache file include
7067| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
7068| [75558] Apache POI denial of service
7069| [75545] PHP apache_request_headers() buffer overflow
7070| [75302] Apache Qpid SASL security bypass
7071| [75211] Debian GNU/Linux apache 2 cross-site scripting
7072| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
7073| [74871] Apache OFBiz FlexibleStringExpander code execution
7074| [74870] Apache OFBiz multiple cross-site scripting
7075| [74750] Apache Hadoop unspecified spoofing
7076| [74319] Apache Struts XSLTResult.java file upload
7077| [74313] Apache Traffic Server header buffer overflow
7078| [74276] Apache Wicket directory traversal
7079| [74273] Apache Wicket unspecified cross-site scripting
7080| [74181] Apache HTTP Server mod_fcgid module denial of service
7081| [73690] Apache Struts OGNL code execution
7082| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
7083| [73100] Apache MyFaces in directory traversal
7084| [73096] Apache APR hash denial of service
7085| [73052] Apache Struts name cross-site scripting
7086| [73030] Apache CXF UsernameToken security bypass
7087| [72888] Apache Struts lastName cross-site scripting
7088| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
7613| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
7614| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
7615| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
7616| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
7617| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
7618| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
7619| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
7620| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
7621| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
7622| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
7623| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
7624| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
7625| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
7626| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
7627| [20558] Apache 1.2 Web Server DoS Vulnerability
7628| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
7629| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
7630| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
7631| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
7632| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
7633| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
7634| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
7635| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
7636| [19231] PHP apache_request_headers Function Buffer Overflow
7637| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
7638| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
7639| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
7640| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
7641| [18442] Apache httpOnly Cookie Disclosure
7642| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
7643| [18221] Apache HTTP Server Denial of Service
7644| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
7645| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
7646| [17691] Apache Struts < 2.2.0 - Remote Command Execution
7647| [16798] Apache mod_jk 1.2.20 Buffer Overflow
7648| [16782] Apache Win32 Chunked Encoding
7649| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
7650| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
7651| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
7652| [15319] Apache 2.2 (Windows) Local Denial of Service
7653| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
7654| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7655| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
7656| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
7657| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
7658| [12330] Apache OFBiz - Multiple XSS
7659| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
7660| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
7661| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
7662| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
7663| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
7664| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
7665| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
7666| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7667| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7668| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
7669| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
7670| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
7671| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7672| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
7673| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
7674| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
7675| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
7676| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
7677| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
7678| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
7679| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
7680| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
7681| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
7682| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
7683| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
7684| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
7685| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
7686| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7687| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7688| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7689| [466] htpasswd Apache 1.3.31 - Local Exploit
7690| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7691| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7692| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7693| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7694| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7695| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7696| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7697| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7698| [9] Apache HTTP Server 2.x Memory Leak Exploit
7699|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
8084| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
8085| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
8086| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
8087| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
8088| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
8089| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
8090| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
8091| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
8092| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
8093| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
8094| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
8095| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
8096| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
8097| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
8098| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
8099| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
8100| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
8101| [1024096] Apache mod_proxy_http May Return Results for a Different Request
8102| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
8103| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
8104| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
8105| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
8106| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
8107| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
8108| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
8109| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
8110| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
8111| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
8112| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
8113| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
8114| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
8115| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8116| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
8117| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
8118| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
8119| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
8120| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
8121| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8122| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
8123| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
8124| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
8125| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
8126| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
8127| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
8128| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
8129| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
8130| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
8131| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
8132| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
8133| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
8134| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
8135| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
8136| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
8137| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
8138| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
8139| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
8140| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
8141| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
8142| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
8143| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
8144| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
8145| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
8146| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
8147| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
8148| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
8149| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
8150| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
8151| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
8152| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
8153| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
8154| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
8155| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
8156| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
8157| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
8158| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
8159| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
8160| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
8161| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
8162| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
8163| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
8164| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
8165| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
8166| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
8167| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
8168| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
8169| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
8170| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
8171| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
8172| [1008920] Apache mod_digest May Validate Replayed Client Responses
8173| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
8174| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
8175| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
8176| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
8177| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
8178| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
8179| [1008030] Apache mod_rewrite Contains a Buffer Overflow
8180| [1008029] Apache mod_alias Contains a Buffer Overflow
8181| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
8182| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
8183| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
8184| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
8185| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
8186| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
8187| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
8188| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
8189| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
8190| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
8191| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
8192| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
8193| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
8194| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
8195| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
8196| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
8197| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
8198| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
8199| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
8200| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
8201| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
8202| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
8203| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
8204| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
8205| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
8206| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
8207| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
8208| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
8209| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
8210| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
8211| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
8212| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
8213| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
8214| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
8215| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
8216| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
8217| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
8218| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
8219| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8220| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8221| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
8222| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
8223| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
8224| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
8225| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
8226| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
8227| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
8228| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
8229| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
8230| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
8231| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8232| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8233| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8234| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8235| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8236| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8237|
8238| OSVDB - http://www.osvdb.org:
8239| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8240| [96077] Apache CloudStack Global Settings Multiple Field XSS
8241| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8242| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8243| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8244| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8245| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8246| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8247| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8248| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8249| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8250| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8251| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8252| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8253| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8254| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8255| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8256| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8257| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8258| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8259| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8260| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8261| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8262| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8263| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8264| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8265| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8266| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8267| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8268| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8269| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8270| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8271| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8272| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8273| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8274| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8275| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8276| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8277| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
8278| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
8279| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
8280| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
8281| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
8282| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
8283| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
8284| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
8285| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
8286| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
8287| [94279] Apache Qpid CA Certificate Validation Bypass
8288| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
8289| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
8290| [94042] Apache Axis JAX-WS Java Unspecified Exposure
8291| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
8292| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
8293| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
8294| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
8295| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
8296| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
8297| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
8298| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
8299| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
8300| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
8301| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
8302| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
8303| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
8304| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
8305| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
8306| [93541] Apache Solr json.wrf Callback XSS
8307| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
8308| [93521] Apache jUDDI Security API Token Session Persistence Weakness
8309| [93520] Apache CloudStack Default SSL Key Weakness
8310| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
8311| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
8312| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
8313| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
8314| [93515] Apache HBase table.jsp name Parameter XSS
8315| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
8316| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
8317| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
8318| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
8319| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
8320| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
8321| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
8322| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
8323| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
8324| [93252] Apache Tomcat FORM Authenticator Session Fixation
8325| [93172] Apache Camel camel/endpoints/ Endpoint XSS
8326| [93171] Apache Sling HtmlResponse Error Message XSS
8327| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
8328| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
8329| [93168] Apache Click ErrorReport.java id Parameter XSS
8330| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
8331| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
8332| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
8333| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
8334| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
8335| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
8336| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
8337| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
8338| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
8339| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
8340| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
8341| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
8342| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
8343| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
8344| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
8345| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
8346| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
8347| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
8348| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
8349| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
8350| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
8351| [93144] Apache Solr Admin Command Execution CSRF
8352| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
8353| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
8354| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
8355| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
8356| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
8357| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
8358| [92748] Apache CloudStack VM Console Access Restriction Bypass
8359| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
8360| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
8361| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
8362| [92706] Apache ActiveMQ Debug Log Rendering XSS
8363| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
8364| [92270] Apache Tomcat Unspecified CSRF
8365| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
8366| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
8367| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
8368| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
8369| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
8370| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
8371| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
8372| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
8373| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
8374| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
8375| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
8376| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
8377| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
8378| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
8379| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
8380| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
8381| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
8382| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
8383| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
8384| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
8385| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
8386| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
8387| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
8388| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
8389| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
8390| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
8391| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
8392| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
8393| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
8394| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
8395| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
8396| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
8397| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
8398| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
8399| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
8400| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
8401| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
8402| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
8403| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
8404| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
8405| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
8406| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
8407| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
8408| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
8409| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
8410| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
8411| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
8412| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
8413| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
8414| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
8415| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
8416| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
8417| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
8418| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
8419| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
8420| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
8421| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
8422| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
8423| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
8424| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
8425| [86901] Apache Tomcat Error Message Path Disclosure
8426| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
8427| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
8428| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
8429| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
8430| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
8431| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
8432| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
8433| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
8434| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
8435| [85430] Apache mod_pagespeed Module Unspecified XSS
8436| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
8437| [85249] Apache Wicket Unspecified XSS
8438| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
8439| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
8440| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
8441| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
8442| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
8443| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
8444| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
8445| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
8446| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
8447| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
8448| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
8449| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
8450| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
8451| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
8452| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
8453| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
8454| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
8455| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
8456| [83339] Apache Roller Blogger Roll Unspecified XSS
8457| [83270] Apache Roller Unspecified Admin Action CSRF
8458| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
8459| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
8460| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
8461| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
8462| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
8463| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
8464| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
8465| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
8466| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
8467| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
8468| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
8469| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
8470| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
8471| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
8472| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
8473| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
8474| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
8475| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
8476| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
8477| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
8478| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
8479| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
8480| [80300] Apache Wicket wicket:pageMapName Parameter XSS
8481| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
8482| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
8483| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
8484| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
8485| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
8486| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
8487| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
8488| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
8489| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
8490| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
8491| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
8492| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
8493| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
8494| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
8495| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
8496| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
8497| [78331] Apache Tomcat Request Object Recycling Information Disclosure
8498| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
8499| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
8500| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
8501| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
8502| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
8503| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
8504| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
8505| [77593] Apache Struts Conversion Error OGNL Expression Injection
8506| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
8507| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
8508| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
8509| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
8510| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
8511| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
8512| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
8513| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
8514| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
8515| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
8516| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
8517| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
8518| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
8519| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
8520| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
8521| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
8522| [74725] Apache Wicket Multi Window Support Unspecified XSS
8523| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
8524| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
8525| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
8526| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
8527| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
8528| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
8529| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
8530| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
8531| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
8532| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
8533| [73644] Apache XML Security Signature Key Parsing Overflow DoS
8534| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
8535| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
8536| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
8537| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
8538| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
8539| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
8540| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
8541| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
8542| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
8543| [73154] Apache Archiva Multiple Unspecified CSRF
8544| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
8545| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
8546| [72238] Apache Struts Action / Method Names <
8547| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
8548| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
8549| [71557] Apache Tomcat HTML Manager Multiple XSS
8550| [71075] Apache Archiva User Management Page XSS
8551| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
8552| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
8553| [70924] Apache Continuum Multiple Admin Function CSRF
8554| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
8555| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
8556| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
8557| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
8558| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
8559| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
8560| [69520] Apache Archiva Administrator Credential Manipulation CSRF
8561| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
8562| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
8563| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
8564| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
8565| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
8566| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
8567| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
8568| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
8569| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
8570| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
8571| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
8572| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
8573| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
8574| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
8575| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
8576| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
8577| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
8578| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
8579| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
8580| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
8581| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
8582| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
8583| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
8584| [65054] Apache ActiveMQ Jetty Error Handler XSS
8585| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
8586| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
8587| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
8588| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
8589| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
8590| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
8591| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
8592| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
8593| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
8594| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
8595| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
8596| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
8597| [63895] Apache HTTP Server mod_headers Unspecified Issue
8598| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
8599| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
8600| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
8601| [63140] Apache Thrift Service Malformed Data Remote DoS
8602| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
8603| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
8604| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
8605| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
8606| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
8607| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
8608| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
8609| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
8610| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
8611| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
8612| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
8613| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
8614| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
8615| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
8616| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
8617| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
8618| [60678] Apache Roller Comment Email Notification Manipulation DoS
8619| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
8620| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
8621| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
8622| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
8623| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
8624| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
8625| [60232] PHP on Apache php.exe Direct Request Remote DoS
8626| [60176] Apache Tomcat Windows Installer Admin Default Password
8627| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
8628| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
8629| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
8630| [59944] Apache Hadoop jobhistory.jsp XSS
8631| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
8632| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
8633| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
8634| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
8635| [59019] Apache mod_python Cookie Salting Weakness
8636| [59018] Apache Harmony Error Message Handling Overflow
8637| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
8638| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
8639| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
8640| [59010] Apache Solr get-file.jsp XSS
8641| [59009] Apache Solr action.jsp XSS
8642| [59008] Apache Solr analysis.jsp XSS
8643| [59007] Apache Solr schema.jsp Multiple Parameter XSS
8644| [59006] Apache Beehive select / checkbox Tag XSS
8645| [59005] Apache Beehive jpfScopeID Global Parameter XSS
8646| [59004] Apache Beehive Error Message XSS
8647| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
8648| [59002] Apache Jetspeed default-page.psml URI XSS
8649| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
8650| [59000] Apache CXF Unsigned Message Policy Bypass
8651| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
8652| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
8653| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
8654| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
8655| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
8656| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
8657| [58993] Apache Hadoop browseBlock.jsp XSS
8658| [58991] Apache Hadoop browseDirectory.jsp XSS
8659| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
8660| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
8661| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
8662| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
8663| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
8664| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
8665| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
8666| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
8667| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
8668| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
8669| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
8670| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
8671| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
8672| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
8673| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
8674| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
8675| [58974] Apache Sling /apps Script User Session Management Access Weakness
8676| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
8677| [58931] Apache Geronimo Cookie Parameters Validation Weakness
8678| [58930] Apache Xalan-C++ XPath Handling Remote DoS
8679| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8680| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
8681| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
8682| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
8683| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
8684| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
8685| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
8686| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
8687| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
8688| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
8689| [58805] Apache Derby Unauthenticated Database / Admin Access
8690| [58804] Apache Wicket Header Contribution Unspecified Issue
8691| [58803] Apache Wicket Session Fixation
8692| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
8693| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
8694| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
8695| [58799] Apache Tapestry Logging Cleartext Password Disclosure
8696| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
8697| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
8698| [58796] Apache Jetspeed Unsalted Password Storage Weakness
8699| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
8700| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
8701| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
8702| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
8703| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
8704| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
8705| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
8706| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
8707| [58775] Apache JSPWiki preview.jsp action Parameter XSS
8708| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8709| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
8710| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
8711| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
8712| [58770] Apache JSPWiki Group.jsp group Parameter XSS
8713| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
8714| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
8715| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
8716| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
8717| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8718| [58763] Apache JSPWiki Include Tag Multiple Script XSS
8719| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
8720| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
8721| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
8722| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
8723| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
8724| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
8725| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
8726| [58755] Apache Harmony DRLVM Non-public Class Member Access
8727| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
8728| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
8729| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9183| [561] Apache Web Servers mod_status /server-status Information Disclosure
9184| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9185| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9186| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9187| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9188| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9189| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9190| [376] Apache Tomcat contextAdmin Arbitrary File Access
9191| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9192| [222] Apache HTTP Server test-cgi Arbitrary File Access
9193| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9194| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
113/tcp closed ident
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd (ASP.NET)
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
9201| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9202| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9203| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9204| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9205| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9206| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9207| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9208| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9209| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9210| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9211| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9212| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9213| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9214| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9215| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9216| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9217| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9218| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
9219| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9220| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
9221| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
9222| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
9223| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
9224| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
9225| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9226| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9227| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
9228| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
9229| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
9230| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
9231| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9232| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
9233| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
9234| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
9235| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
9236| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
9237| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
9238| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
9239| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
9240| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9241| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9242| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9243| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9244| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9245| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9246| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9247| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9248| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9249| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9250| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9251| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9252| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9253| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9254| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9255| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9256| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9257| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9258| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9259| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9260| [130629] Apache Guacamole Cookie Flag weak encryption
9261| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9262| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9263| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9264| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9265| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9266| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9267| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9268| [130123] Apache Airflow up to 1.8.2 information disclosure
9269| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9270| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9271| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9272| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9273| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9274| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9275| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9276| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9277| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9278| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9279| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9280| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9281| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9282| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9283| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9284| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9285| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9286| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9287| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9288| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9289| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9290| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9291| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9292| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9293| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9294| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9295| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9296| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9297| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9298| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9299| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9300| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9301| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9302| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9303| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9304| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9305| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9306| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9307| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9308| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9309| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9310| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9311| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9312| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9313| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9314| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9315| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9316| [127007] Apache Spark Request Code Execution
9317| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9318| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9319| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9320| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9321| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9322| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9323| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9324| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9325| [126346] Apache Tomcat Path privilege escalation
9326| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9327| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9328| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9329| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9330| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9331| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9332| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9333| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9334| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9335| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9336| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9337| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9338| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9339| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9340| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9341| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9342| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9343| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9344| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9345| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9346| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9347| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9348| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9349| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9350| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9351| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9352| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9353| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
9354| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
9355| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
9356| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
9357| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
9358| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
9359| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
9360| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
9361| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
9362| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
9363| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
9364| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
9365| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
9366| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
9367| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
9368| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
9369| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
9370| [123197] Apache Sentry up to 2.0.0 privilege escalation
9371| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
9372| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
9373| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
9374| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
9375| [122800] Apache Spark 1.3.0 REST API weak authentication
9376| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
9377| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
9378| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
9379| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
9380| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
9381| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
9382| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
9383| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
9384| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
9385| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
9386| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
9387| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
9388| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
9389| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
9390| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
9391| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
9392| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
9393| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
9394| [121354] Apache CouchDB HTTP API Code Execution
9395| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
9396| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
9397| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
9398| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
9399| [120168] Apache CXF weak authentication
9400| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
9401| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
9402| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
9403| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
9404| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
9405| [119306] Apache MXNet Network Interface privilege escalation
9406| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
9407| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
9408| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
9409| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
9410| [118143] Apache NiFi activemq-client Library Deserialization denial of service
9411| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
9412| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
9413| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
9414| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
9415| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
9416| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
9417| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
9418| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
9419| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
9420| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
9421| [117115] Apache Tika up to 1.17 tika-server command injection
9422| [116929] Apache Fineract getReportType Parameter privilege escalation
9423| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
9424| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
9425| [116926] Apache Fineract REST Hand Parameter privilege escalation
9426| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
9427| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
9428| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
9429| [115883] Apache Hive up to 2.3.2 privilege escalation
9430| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
9431| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
9432| [115518] Apache Ignite 2.3 Deserialization privilege escalation
9433| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
9434| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
9435| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
9436| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
9437| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
9438| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
9439| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
9440| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
9441| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
9442| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
9443| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
9444| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
9445| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
9446| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
9447| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
9448| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
9449| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
9450| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
9451| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
9452| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
9453| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
9454| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
9455| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
9456| [113895] Apache Geode up to 1.3.x Code Execution
9457| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
9458| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
9459| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
9460| [113747] Apache Tomcat Servlets privilege escalation
9461| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
9462| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
9463| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
9464| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
9465| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
9466| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9467| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
9468| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
9469| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
9470| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
9471| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
9472| [112885] Apache Allura up to 1.8.0 File information disclosure
9473| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
9474| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
9475| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
9476| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
9477| [112625] Apache POI up to 3.16 Loop denial of service
9478| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
9479| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
9480| [112339] Apache NiFi 1.5.0 Header privilege escalation
9481| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
9482| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
9483| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
9484| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
9485| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
9486| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
9487| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
9488| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
9489| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
9490| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
9491| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
9492| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
9493| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
9494| [112114] Oracle 9.1 Apache Log4j privilege escalation
9495| [112113] Oracle 9.1 Apache Log4j privilege escalation
9496| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
9497| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
9498| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
9499| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
9500| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
9501| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
9502| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
9503| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
9504| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
9505| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
9506| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
9507| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
9508| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
9509| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
9510| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
9511| [110701] Apache Fineract Query Parameter sql injection
9512| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
9513| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
9514| [110393] Apple macOS up to 10.13.2 apache information disclosure
9515| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
9516| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
9517| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
9518| [110106] Apache CXF Fediz Spring cross site request forgery
9519| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
9520| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
9521| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
9522| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
9523| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
9524| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
9525| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
9526| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
9527| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
9528| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
9529| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
9530| [108938] Apple macOS up to 10.13.1 apache denial of service
9531| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
9532| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
9533| [108935] Apple macOS up to 10.13.1 apache denial of service
9534| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
9535| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
9536| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
9537| [108931] Apple macOS up to 10.13.1 apache denial of service
9538| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
9539| [108929] Apple macOS up to 10.13.1 apache denial of service
9540| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
9541| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
9542| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
9543| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
9544| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
9545| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
9546| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
9547| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
9548| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
9549| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
9550| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
9551| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
9552| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
9553| [108782] Apache Xerces2 XML Service denial of service
9554| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
9555| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
9556| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
9557| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
9558| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
9559| [108629] Apache OFBiz up to 10.04.01 privilege escalation
9560| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
9561| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
9562| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
9563| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
9564| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
9565| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
9566| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
9567| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
9568| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
9569| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
9570| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
9571| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
9572| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
9573| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
9574| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
9575| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
9576| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
9577| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9578| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
9579| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
9580| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
9581| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
9582| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
9583| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
9584| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
9585| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
9586| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
9587| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
9588| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
9589| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
9590| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
9591| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
9592| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
9593| [107639] Apache NiFi 1.4.0 XML External Entity
9594| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
9595| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
9596| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
9597| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
9598| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
9599| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
9600| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
9601| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
9602| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
9603| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
9604| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
9605| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9606| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
9607| [107197] Apache Xerces Jelly Parser XML File XML External Entity
9608| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
9609| [107084] Apache Struts up to 2.3.19 cross site scripting
9610| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
9611| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
9612| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
9613| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
9614| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
9615| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
9616| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
9617| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
9618| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
9619| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
9620| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
9621| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
9622| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9623| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
9624| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
9625| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
9626| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
9627| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
9628| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
9629| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
9630| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
9631| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
9632| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
9633| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
9634| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
9635| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
9636| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
9637| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
9638| [105878] Apache Struts up to 2.3.24.0 privilege escalation
9639| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
9640| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
9641| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
9642| [105643] Apache Pony Mail up to 0.8b weak authentication
9643| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
9644| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
9645| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
9646| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
9647| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
9648| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
9649| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
9650| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
9651| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
9652| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
9653| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
9654| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
9655| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
9656| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
9657| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
9658| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
9659| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
9660| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
9661| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
9662| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
9663| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
9664| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
9665| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
9666| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
9667| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
9668| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
9669| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
9670| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
9671| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
9672| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
9673| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
9674| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
9675| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
9676| [103690] Apache OpenMeetings 1.0.0 sql injection
9677| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
9678| [103688] Apache OpenMeetings 1.0.0 weak encryption
9679| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
9680| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
9681| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
9682| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
9683| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
9684| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
9685| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
9686| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
9687| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
9688| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
9689| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
9690| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
9691| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
9692| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
9693| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
9694| [103352] Apache Solr Node weak authentication
9695| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
9696| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
9697| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
9698| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
9699| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
9700| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
9701| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
9702| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
9703| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
9704| [102536] Apache Ranger up to 0.6 Stored cross site scripting
9705| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
9706| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
9707| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
9708| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
9709| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
9710| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
9711| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
9712| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
9713| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
9714| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
9715| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
9716| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
9717| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
9718| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
9719| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
9720| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
9721| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
9722| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
9723| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
9724| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
9725| [99937] Apache Batik up to 1.8 privilege escalation
9726| [99936] Apache FOP up to 2.1 privilege escalation
9727| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
9728| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
9729| [99930] Apache Traffic Server up to 6.2.0 denial of service
9730| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
9731| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
9732| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
9733| [117569] Apache Hadoop up to 2.7.3 privilege escalation
9734| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
9735| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
9736| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
9737| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
9738| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
9739| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
9740| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
9741| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
9742| [99014] Apache Camel Jackson/JacksonXML privilege escalation
9743| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9744| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
9745| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
9746| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
9747| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
9748| [98605] Apple macOS up to 10.12.3 Apache denial of service
9749| [98604] Apple macOS up to 10.12.3 Apache denial of service
9750| [98603] Apple macOS up to 10.12.3 Apache denial of service
9751| [98602] Apple macOS up to 10.12.3 Apache denial of service
9752| [98601] Apple macOS up to 10.12.3 Apache denial of service
9753| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
9754| [98405] Apache Hadoop up to 0.23.10 privilege escalation
9755| [98199] Apache Camel Validation XML External Entity
9756| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
9757| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
9758| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
9759| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
9760| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
9761| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
9762| [97081] Apache Tomcat HTTPS Request denial of service
9763| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
9764| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
9765| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
9766| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
9767| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
9768| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
9769| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
9770| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
9771| [95311] Apache storm UI Daemon privilege escalation
9772| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
9773| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
9774| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
9775| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
9776| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
9777| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
9778| [94540] Apache Tika 1.9 tika-server File information disclosure
9779| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
9780| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
9781| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
9782| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
9783| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
9784| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
9785| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9786| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9787| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
9788| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
9789| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
9790| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
9791| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
9792| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
9793| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9794| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9795| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
9796| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
9797| [93532] Apache Commons Collections Library Java privilege escalation
9798| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
9799| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
9800| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
9801| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
9802| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
9803| [93098] Apache Commons FileUpload privilege escalation
9804| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
9805| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
9806| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
9807| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
9808| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
9809| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
9810| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
9811| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
9812| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
9813| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
9814| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
9815| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
9816| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
9817| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
9818| [92549] Apache Tomcat on Red Hat privilege escalation
9819| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
9820| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
9821| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
9822| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
9823| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
9824| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
9825| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
9826| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
9827| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
9828| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
9829| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
9830| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
9831| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
9832| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
9833| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
9834| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
9835| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
9836| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
9837| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
9838| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
9839| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
9840| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
9841| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
9842| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
9843| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
9844| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
9845| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
9846| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
9847| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
9848| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
9849| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
9850| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
9851| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
9852| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
9853| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
9854| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
9855| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
9856| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
9857| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
9858| [90263] Apache Archiva Header denial of service
9859| [90262] Apache Archiva Deserialize privilege escalation
9860| [90261] Apache Archiva XML DTD Connection privilege escalation
9861| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
9862| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
9863| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
9864| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
9865| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9866| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
9867| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
9868| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
9869| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
9870| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10290| [58413] Apache Tomcat up to 6.0.10 spoofing
10291| [58381] Apache Wicket up to 1.4.17 cross site scripting
10292| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10293| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10294| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10295| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10296| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10297| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10298| [57568] Apache Archiva up to 1.3.4 cross site scripting
10299| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10300| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10301| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10302| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10303| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10304| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10305| [57025] Apache Tomcat up to 7.0.11 information disclosure
10306| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10307| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10308| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10309| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10310| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10311| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10312| [56512] Apache Continuum up to 1.4.0 cross site scripting
10313| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
10314| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
10315| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10316| [56441] Apache Tomcat up to 7.0.6 denial of service
10317| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10318| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10319| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10320| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10321| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10322| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10323| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10324| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10325| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10326| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10327| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10328| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10329| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10330| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10331| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10332| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10333| [54012] Apache Tomcat up to 6.0.10 denial of service
10334| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10335| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10336| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10337| [52894] Apache Tomcat up to 6.0.7 information disclosure
10338| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10339| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10340| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10341| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10342| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10343| [52584] Apache CouchDB up to 0.10.1 information disclosure
10344| [51757] Apache HTTP Server 2.0.44 cross site scripting
10345| [51756] Apache HTTP Server 2.0.44 spoofing
10346| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10347| [51690] Apache Tomcat up to 6.0 directory traversal
10348| [51689] Apache Tomcat up to 6.0 information disclosure
10349| [51688] Apache Tomcat up to 6.0 directory traversal
10350| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10351| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10352| [50626] Apache Solr 1.0.0 cross site scripting
10353| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10354| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10355| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10356| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10357| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10358| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10359| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10360| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10361| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10362| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10363| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10364| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10365| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10366| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
10367| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10368| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10369| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10370| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10371| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10372| [47214] Apachefriends xampp 1.6.8 spoofing
10373| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10374| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10375| [47065] Apache Tomcat 4.1.23 cross site scripting
10376| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10377| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10378| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10379| [86625] Apache Struts directory traversal
10380| [44461] Apache Tomcat up to 5.5.0 information disclosure
10381| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10382| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10383| [43663] Apache Tomcat up to 6.0.16 directory traversal
10384| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10385| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10386| [43516] Apache Tomcat up to 4.1.20 directory traversal
10387| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10388| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10389| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10390| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10391| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10392| [40924] Apache Tomcat up to 6.0.15 information disclosure
10393| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10394| [40922] Apache Tomcat up to 6.0 information disclosure
10395| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10396| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10397| [40656] Apache Tomcat 5.5.20 information disclosure
10398| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10399| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10400| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10401| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10402| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10403| [40234] Apache Tomcat up to 6.0.15 directory traversal
10404| [40221] Apache HTTP Server 2.2.6 information disclosure
10405| [40027] David Castro Apache Authcas 0.4 sql injection
10406| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
10407| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10408| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
10409| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10410| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10411| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10412| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10413| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10414| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10415| [38524] Apache Geronimo 2.0 unknown vulnerability
10416| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10417| [38331] Apache Tomcat 4.1.24 information disclosure
10418| [38330] Apache Tomcat 4.1.24 information disclosure
10419| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10420| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10421| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10422| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10423| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10424| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10425| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10426| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10427| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10428| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10429| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10430| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10431| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10432| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10433| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10434| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10435| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10436| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10437| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10438| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10439| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10440| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10441| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10442| [34252] Apache HTTP Server denial of service
10443| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10444| [33877] Apache Opentaps 0.9.3 cross site scripting
10445| [33876] Apache Open For Business Project unknown vulnerability
10446| [33875] Apache Open For Business Project cross site scripting
10447| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
10448| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
10449| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
10450| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
10451| [31663] vbPortal Apache HTTP Server index.php directory traversal
10452| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
10453| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
10454| [30623] Apache James 2.2.0 SMTP Server denial of service
10455| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
10456|
10457| MITRE CVE - https://cve.mitre.org:
10458| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
10459| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
10460| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
10461| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
10462| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
10463| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
10464| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
10465| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
10466| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
10467| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
10468| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
10469| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
10470| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
10471| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
10472| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
10473| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
10474| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
10475| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
10476| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
10477| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
10478| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
10479| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
10480| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
10481| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
10482| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
10483| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
10484| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
10485| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
10486| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
10487| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
10488| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10489| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
10490| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
10491| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
10492| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
10493| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
10494| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
10495| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
10496| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
10497| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
10498| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
10499| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10500| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10501| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10502| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10503| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
10504| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
10505| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
10506| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
10507| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
10508| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
10509| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
10510| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
10511| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
10512| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
10513| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
10514| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
10515| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
10516| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
10517| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
10518| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
10519| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
10520| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
10521| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
10522| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10523| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
10524| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
10525| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
10526| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
10527| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
10528| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
10529| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
10530| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
10531| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
10532| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
10533| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
10534| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
10535| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
10536| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
10537| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
10538| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
10539| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
10540| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
10541| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
10542| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
10543| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
10544| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
10545| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
10546| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
10547| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
10548| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
10549| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
10550| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
10551| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
10552| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
10553| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
10554| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
10555| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
10556| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
10557| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
10558| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
10559| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
10560| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
10561| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
10562| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
10563| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
10564| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
10565| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
10566| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
10567| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
10568| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
10569| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
10570| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
10571| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
10572| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
10573| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
10574| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
10575| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
10576| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
10577| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
10578| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
10579| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
10580| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
10581| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
10582| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10583| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10584| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
10585| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
10586| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
10587| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
10588| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
10589| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
10590| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
10591| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
10592| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
10593| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
10594| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
10595| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
10596| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
10597| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
10598| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
10599| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
10600| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
10601| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
10602| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
10603| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
10604| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
10605| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
10606| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
10607| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
10608| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
10609| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10610| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
10611| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
10612| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
10704| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10809| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10810| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10811| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10812| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10813| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10814| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10815| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10816| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10817| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10818| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10819| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10820| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10821| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10822| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10823| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10824| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10825| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10826| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10827| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10828| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10829| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10830| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10831| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10832| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10833| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10834| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
10835| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10836| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10837| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10838| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10839| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10840| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10841| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10842| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10843| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10844| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10845| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10846| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10847| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10848| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10849| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10850| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10851| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10852| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10853| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10854| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10855| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10856| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10857| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10858| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10859| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10860| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10861| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10862| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10863| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10864| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10865| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10866| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10867| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10868| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10869| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10870| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10871| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10872| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10873| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10874| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10875| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10876| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10877| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10878| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10879| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
10880| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10881| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10882| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10883| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10884| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10885| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10886| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10887| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10888| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10889| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10890| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10891| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10892| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10893| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11014| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11015| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11016| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11017| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11018| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11019| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11020| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication.
11021| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11022| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11023| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11024| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11025| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11026| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11027| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11028| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11029| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11030| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11031| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11032| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11033| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11034| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11035| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11036| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
11037| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11038| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11039| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11040| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11041| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11042| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
11043| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11044| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11045| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11046| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11047| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11048| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11049| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11050| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11051| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11052| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11053| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11054| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11055| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11056| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11057| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11058| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11059| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11060| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11061| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11062| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11063| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11064| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11065| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11066| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11067|
11068| SecurityFocus - https://www.securityfocus.com/bid/:
11069| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11070| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11071| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11072| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11073| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11074| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11075| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11076| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11077| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11078| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11079| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11080| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11081| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11082| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11083| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11084| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11085| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11086| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11087| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11088| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
11089| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
11090| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
11091| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
11092| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
11093| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
11094| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
11095| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
11096| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
11097| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
11098| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
11099| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
11100| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
11101| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
11102| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
11103| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
11104| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
11105| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
11106| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
11107| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
11108| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
11109| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
11110| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
11111| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
11112| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
11113| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
11114| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
11115| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
11116| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
11117| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
11118| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
11119| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
11120| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
11121| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
11122| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
11123| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
11124| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
11125| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
11126| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
11127| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
11128| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
11129| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
11130| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
11131| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
11132| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
11133| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
11134| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
11135| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
11136| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
11137| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
11138| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
11139| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
11140| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
11141| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
11142| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
11143| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
11144| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
11145| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
11146| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
11147| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
11148| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
11149| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
11150| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
11151| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
11152| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
11153| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
11154| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
11155| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
11156| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
11157| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
11158| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
11159| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
11160| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
11161| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
11162| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
11163| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
11164| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
11165| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
11166| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
11167| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
11168| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
11169| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
11170| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
11171| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
11172| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
11173| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
11174| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
11175| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
11176| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
11177| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
11178| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
11179| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
11180| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
11181| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
11182| [100447] Apache2Triad Multiple Security Vulnerabilities
11183| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
11184| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
11185| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
11186| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
11187| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
11188| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
11189| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
11190| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
11191| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
11192| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
11193| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
11194| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
11195| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
11196| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
11197| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
11198| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
11199| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
11200| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
11201| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
11202| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
11203| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
11204| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
11205| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
11206| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
11207| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
11208| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
11209| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
11210| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
11211| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
11212| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
11213| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
11214| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
11215| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
11216| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
11217| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
11218| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
11219| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
11220| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
11221| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
11222| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
11223| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
11224| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
11225| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
11226| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
11227| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
11228| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
11229| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
11230| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
11231| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
11232| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
11233| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
11234| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
11235| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
11236| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
11237| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
11238| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
11239| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
11240| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
11241| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
11242| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
11243| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
11244| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
11245| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
11246| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
11247| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
11248| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
11249| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
11250| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
11251| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
11252| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
11253| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
11254| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
11255| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
11256| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
11257| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
11258| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
11259| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
11260| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
11261| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
11262| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
11263| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
11264| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
11265| [95675] Apache Struts Remote Code Execution Vulnerability
11266| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
11267| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
11268| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
11269| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
11270| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
11271| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
11272| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
11273| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
11274| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
11275| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
11276| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
11277| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
11278| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
11279| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
11280| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
11281| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
11282| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
11283| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
11284| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
11285| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
11286| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
11287| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
11288| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
11289| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
11290| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
11291| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
11292| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
11293| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
11294| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
11295| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
11296| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
11297| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
11298| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
11299| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
11300| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
11301| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
11302| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
11303| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
11304| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
11305| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
11306| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
11307| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
11308| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
11309| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
11310| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
11311| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
11312| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
11313| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
11314| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
11315| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
11316| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
11317| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
11318| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
11319| [91736] Apache XML-RPC Multiple Security Vulnerabilities
11320| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
11321| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
11322| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
11323| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
11324| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
11325| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
11326| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
11327| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
11328| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
11329| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
11330| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
11331| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
11332| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
11333| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
11334| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
11335| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
11336| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
11337| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
11338| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
11339| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
11340| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
11341| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
11342| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
11343| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
11344| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
11345| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
11346| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
11347| [90482] Apache CVE-2004-1387 Local Security Vulnerability
11348| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
11349| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
11350| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
11351| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
11352| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
11353| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
11354| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
11355| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
11356| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
11357| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
11358| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
11359| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
11360| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
11361| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
11362| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
11363| [86399] Apache CVE-2007-1743 Local Security Vulnerability
11364| [86397] Apache CVE-2007-1742 Local Security Vulnerability
11365| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
11366| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
11367| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
11368| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
11369| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
11370| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
11371| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
11372| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
11373| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
11374| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
11375| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
11376| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
11377| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
11378| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
11379| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
11380| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
11381| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
11382| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
11383| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
11384| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
11385| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
11386| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
11387| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
11388| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
11389| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
11390| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
11391| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
11392| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
11393| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
11394| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
11395| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
11396| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
11397| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
11398| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
11399| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
11400| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
11401| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
11402| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
11403| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
11404| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
11405| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
11406| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
11407| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
11408| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
11409| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
11410| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
11411| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
11412| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
11413| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
11414| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
11415| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
11416| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
11417| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
11418| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
11419| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
11420| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
11421| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
11422| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
11423| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
11424| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
11425| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
11426| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
11427| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
11428| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
11429| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
11430| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
11431| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
11432| [76933] Apache James Server Unspecified Command Execution Vulnerability
11433| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
11434| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
11435| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
11436| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
11437| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
11438| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
11439| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
11440| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
11441| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
11442| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
11443| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
11444| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
11445| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
11446| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
11447| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
11448| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
11449| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
11450| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
11451| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
11452| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
11453| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
11454| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
11455| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
11456| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
11457| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
11458| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
11459| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
11460| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
11461| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
11462| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
11463| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
11464| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
11465| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
11466| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
11467| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
11468| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
11469| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
11470| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
11471| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
11472| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
11473| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
11474| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
11475| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
11476| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
11477| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
11478| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
11479| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
11480| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
11481| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
11482| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
11483| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
11484| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
11485| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
11486| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
11487| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
11488| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
11489| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
11490| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
11491| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
11492| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
11493| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
11494| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
11495| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
11496| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
11497| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
11498| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
11499| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
11500| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
11501| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
11502| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
11503| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
11504| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
11505| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
11506| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
11507| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
11508| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
11509| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
11510| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
11511| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
11512| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
11513| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
11514| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
11515| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
11516| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
11517| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
11518| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
11519| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
11520| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
11521| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
11522| [68229] Apache Harmony PRNG Entropy Weakness
11523| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
11524| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
11525| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
11526| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
11527| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
11528| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
11529| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
11530| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
11531| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
11532| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
11533| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
11534| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
11535| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
11536| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
11537| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
11538| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
11539| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
11540| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
11541| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
11542| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
11543| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
11544| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
11545| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
11546| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
11547| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
11548| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
11549| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
11550| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
11551| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
11552| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
11553| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
11554| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
11555| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
11556| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
11557| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
11558| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
11559| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
11560| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
11561| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
11562| [64780] Apache CloudStack Unauthorized Access Vulnerability
11563| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
11564| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
11565| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
11566| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
11567| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
11568| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
11569| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
11570| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
11571| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
11572| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
11573| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
11574| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11575| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
11576| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
11577| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
11578| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
11579| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
11580| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
11581| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
11582| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11583| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11584| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11585| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11586| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
11587| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
11588| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
11589| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
11590| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
11591| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
11592| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
11593| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
11594| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
11595| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
11596| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
11597| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
11598| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
11599| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
11600| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11601| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11602| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11603| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11604| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11605| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11606| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11607| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11608| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11609| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11610| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11611| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11612| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11613| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11614| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11615| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11616| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11617| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11618| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11619| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11620| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11621| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11622| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11623| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11624| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11625| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11626| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11627| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11628| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11629| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11630| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11631| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11632| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11633| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11634| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11635| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11636| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11637| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11638| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11639| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11640| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11641| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
11642| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
11643| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
11644| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11645| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11646| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11647| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11648| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11649| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11650| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11651| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11652| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11653| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11654| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11655| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11656| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11657| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11658| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11659| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11660| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11661| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11662| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11663| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11664| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11665| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11666| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11667| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11668| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11669| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11670| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11671| [54798] Apache Libcloud Man In The Middle Vulnerability
11672| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11673| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11674| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11675| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11676| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11677| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11678| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11679| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11680| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11681| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11682| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11683| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11684| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11685| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11686| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11687| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11688| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11689| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11690| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11691| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11692| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11693| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11694| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11695| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11696| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11697| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11698| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11699| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11700| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11701| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11702| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11703| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11704| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11705| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11706| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11707| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11708| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11709| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11710| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11711| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11712| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11713| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11714| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11715| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11716| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11717| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11718| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11719| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11720| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11721| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11722| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11723| [49290] Apache Wicket Cross Site Scripting Vulnerability
11724| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11725| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11726| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11727| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11728| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11729| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11730| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11731| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11732| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11733| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11734| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11735| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11736| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11737| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11738| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11739| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11740| [46953] Apache MPM-ITK Module Security Weakness
11741| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11742| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11743| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11744| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11745| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11746| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11747| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11748| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11749| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11750| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11751| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11752| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11753| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11754| [44616] Apache Shiro Directory Traversal Vulnerability
11755| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11756| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11757| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11758| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11759| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11760| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11761| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11762| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11763| [42492] Apache CXF XML DTD Processing Security Vulnerability
11764| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11765| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11766| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11767| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11768| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11769| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11770| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11771| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11772| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11773| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11774| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11775| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11776| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11777| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11778| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11779| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11780| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11781| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11782| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11783| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11784| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11785| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11786| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11787| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11788| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11789| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11790| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11791| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11792| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11793| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11794| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11795| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11796| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11797| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11798| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11799| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11800| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11801| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11802| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11803| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11804| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11805| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11806| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11807| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11808| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11809| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11810| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11811| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11812| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11813| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11814| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11815| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11816| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11817| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11818| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11819| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11820| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11821| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11822| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11823| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11824| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11825| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11826| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11827| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11828| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11829| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11830| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11831| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11832| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11833| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11834| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11835| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11836| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11837| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11838| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11839| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11840| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11841| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11842| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11843| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11844| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11845| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11846| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11847| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11848| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11849| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11850| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11851| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11852| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11853| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11854| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11855| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11856| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11857| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11858| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11859| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11860| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11861| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11862| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11863| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11864| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11865| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11866| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11867| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11868| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11869| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11870| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11871| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11872| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11873| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11874| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11875| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11876| [20527] Apache Mod_TCL Remote Format String Vulnerability
11877| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11878| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11879| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11880| [19106] Apache Tomcat Information Disclosure Vulnerability
11881| [18138] Apache James SMTP Denial Of Service Vulnerability
11882| [17342] Apache Struts Multiple Remote Vulnerabilities
11883| [17095] Apache Log4Net Denial Of Service Vulnerability
11884| [16916] Apache mod_python FileSession Code Execution Vulnerability
11885| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11886| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11887| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11888| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11889| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11890| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11891| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11892| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11893| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11894| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11895| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11896| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11897| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11898| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11899| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11900| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11901| [14106] Apache HTTP Request Smuggling Vulnerability
11902| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11903| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11904| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11905| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11906| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11907| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11908| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11909| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11910| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11911| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11912| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11913| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11914| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11915| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11916| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11917| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11918| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11919| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11920| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11921| [11094] Apache mod_ssl Denial Of Service Vulnerability
11922| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11923| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11924| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11925| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11926| [10478] ClueCentral Apache Suexec Patch Security Weakness
11927| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11928| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11929| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11930| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11931| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11932| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11933| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11934| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11935| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11936| [9733] Apache Cygwin Directory Traversal Vulnerability
11937| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11938| [9590] Apache-SSL Client Certificate Forging Vulnerability
11939| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11940| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11941| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11942| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11943| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11944| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11945| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11946| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11947| [8898] Red Hat Apache Directory Index Default Configuration Error
11948| [8883] Apache Cocoon Directory Traversal Vulnerability
11949| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11950| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11951| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11952| [8707] Apache htpasswd Password Entropy Weakness
11953| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11954| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11955| [8226] Apache HTTP Server Multiple Vulnerabilities
11956| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11957| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11958| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11959| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11960| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11961| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11962| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11963| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11964| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11965| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11966| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11967| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11968| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11969| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11970| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11971| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11972| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11973| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11974| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11975| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11976| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11977| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11978| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11979| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11980| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11981| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11982| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11983| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11984| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11985| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11986| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11987| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11988| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11989| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11990| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11991| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11992| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11993| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11994| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11995| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11996| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11997| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11998| [5485] Apache 2.0 Path Disclosure Vulnerability
11999| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
12000| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
12001| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
12002| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
12003| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
12004| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
12005| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
12006| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
12007| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
12008| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
12009| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
12010| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
12011| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
12012| [4437] Apache Error Message Cross-Site Scripting Vulnerability
12013| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
12014| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
12015| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
12016| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
12017| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
12018| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
12019| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
12020| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
12021| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
12022| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
12023| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
12024| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
12025| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
12026| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
12027| [3596] Apache Split-Logfile File Append Vulnerability
12028| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
12029| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
12030| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
12031| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
12032| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
12033| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
12034| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
12035| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
12036| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
12037| [3169] Apache Server Address Disclosure Vulnerability
12038| [3009] Apache Possible Directory Index Disclosure Vulnerability
12039| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
12040| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
12041| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
12042| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
12043| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
12044| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
12045| [2216] Apache Web Server DoS Vulnerability
12046| [2182] Apache /tmp File Race Vulnerability
12047| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
12048| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
12049| [1821] Apache mod_cookies Buffer Overflow Vulnerability
12050| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
12051| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
12052| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
12053| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
12054| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
12055| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
12056| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
12057| [1457] Apache::ASP source.asp Example Script Vulnerability
12058| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
12059| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
12060|
12061| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12062| [86258] Apache CloudStack text fields cross-site scripting
12063| [85983] Apache Subversion mod_dav_svn module denial of service
12064| [85875] Apache OFBiz UEL code execution
12065| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
12066| [85871] Apache HTTP Server mod_session_dbd unspecified
12067| [85756] Apache Struts OGNL expression command execution
12068| [85755] Apache Struts DefaultActionMapper class open redirect
12069| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
12070| [85574] Apache HTTP Server mod_dav denial of service
12071| [85573] Apache Struts Showcase App OGNL code execution
12072| [85496] Apache CXF denial of service
12073| [85423] Apache Geronimo RMI classloader code execution
12074| [85326] Apache Santuario XML Security for C++ buffer overflow
12075| [85323] Apache Santuario XML Security for Java spoofing
12076| [85319] Apache Qpid Python client SSL spoofing
12077| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
12078| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
12079| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
12080| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
12081| [84952] Apache Tomcat CVE-2012-3544 denial of service
12082| [84763] Apache Struts CVE-2013-2135 security bypass
12083| [84762] Apache Struts CVE-2013-2134 security bypass
12084| [84719] Apache Subversion CVE-2013-2088 command execution
12085| [84718] Apache Subversion CVE-2013-2112 denial of service
12086| [84717] Apache Subversion CVE-2013-1968 denial of service
12087| [84577] Apache Tomcat security bypass
12088| [84576] Apache Tomcat symlink
12089| [84543] Apache Struts CVE-2013-2115 security bypass
12090| [84542] Apache Struts CVE-2013-1966 security bypass
12091| [84154] Apache Tomcat session hijacking
12092| [84144] Apache Tomcat denial of service
12093| [84143] Apache Tomcat information disclosure
12094| [84111] Apache HTTP Server command execution
12095| [84043] Apache Virtual Computing Lab cross-site scripting
12096| [84042] Apache Virtual Computing Lab cross-site scripting
12097| [83782] Apache CloudStack information disclosure
12098| [83781] Apache CloudStack security bypass
12099| [83720] Apache ActiveMQ cross-site scripting
12100| [83719] Apache ActiveMQ denial of service
12101| [83718] Apache ActiveMQ denial of service
12102| [83263] Apache Subversion denial of service
12103| [83262] Apache Subversion denial of service
12104| [83261] Apache Subversion denial of service
12105| [83259] Apache Subversion denial of service
12106| [83035] Apache mod_ruid2 security bypass
12107| [82852] Apache Qpid federation_tag security bypass
12108| [82851] Apache Qpid qpid::framing::Buffer denial of service
12109| [82758] Apache Rave User RPC API information disclosure
12110| [82663] Apache Subversion svn_fs_file_length() denial of service
12111| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
12112| [82641] Apache Qpid AMQP denial of service
12113| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
12114| [82618] Apache Commons FileUpload symlink
12115| [82360] Apache HTTP Server manager interface cross-site scripting
12116| [82359] Apache HTTP Server hostnames cross-site scripting
12117| [82338] Apache Tomcat log/logdir information disclosure
12118| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
12119| [82268] Apache OpenJPA deserialization command execution
12120| [81981] Apache CXF UsernameTokens security bypass
12121| [81980] Apache CXF WS-Security security bypass
12122| [81398] Apache OFBiz cross-site scripting
12123| [81240] Apache CouchDB directory traversal
12124| [81226] Apache CouchDB JSONP code execution
12125| [81225] Apache CouchDB Futon user interface cross-site scripting
12126| [81211] Apache Axis2/C SSL spoofing
12127| [81167] Apache CloudStack DeployVM information disclosure
12128| [81166] Apache CloudStack AddHost API information disclosure
12129| [81165] Apache CloudStack createSSHKeyPair API information disclosure
12130| [80518] Apache Tomcat cross-site request forgery security bypass
12131| [80517] Apache Tomcat FormAuthenticator security bypass
12132| [80516] Apache Tomcat NIO denial of service
12133| [80408] Apache Tomcat replay-countermeasure security bypass
12134| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
12135| [80317] Apache Tomcat slowloris denial of service
12136| [79984] Apache Commons HttpClient SSL spoofing
12137| [79983] Apache CXF SSL spoofing
12138| [79830] Apache Axis2/Java SSL spoofing
12139| [79829] Apache Axis SSL spoofing
12140| [79809] Apache Tomcat DIGEST security bypass
12141| [79806] Apache Tomcat parseHeaders() denial of service
12142| [79540] Apache OFBiz unspecified
12143| [79487] Apache Axis2 SAML security bypass
12144| [79212] Apache Cloudstack code execution
12145| [78734] Apache CXF SOAP Action security bypass
12146| [78730] Apache Qpid broker denial of service
12147| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
12148| [78563] Apache mod_pagespeed module unspecified cross-site scripting
12149| [78562] Apache mod_pagespeed module security bypass
12150| [78454] Apache Axis2 security bypass
12151| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
12152| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
12153| [78321] Apache Wicket unspecified cross-site scripting
12154| [78183] Apache Struts parameters denial of service
12155| [78182] Apache Struts cross-site request forgery
12156| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
12157| [77987] mod_rpaf module for Apache denial of service
12158| [77958] Apache Struts skill name code execution
12159| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
12160| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
12161| [77568] Apache Qpid broker security bypass
12162| [77421] Apache Libcloud spoofing
12163| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
12164| [77046] Oracle Solaris Apache HTTP Server information disclosure
12165| [76837] Apache Hadoop information disclosure
12166| [76802] Apache Sling CopyFrom denial of service
12167| [76692] Apache Hadoop symlink
12168| [76535] Apache Roller console cross-site request forgery
12169| [76534] Apache Roller weblog cross-site scripting
12170| [76152] Apache CXF elements security bypass
12171| [76151] Apache CXF child policies security bypass
12172| [75983] MapServer for Windows Apache file include
12173| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
12174| [75558] Apache POI denial of service
12175| [75545] PHP apache_request_headers() buffer overflow
12176| [75302] Apache Qpid SASL security bypass
12177| [75211] Debian GNU/Linux apache 2 cross-site scripting
12178| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
12179| [74871] Apache OFBiz FlexibleStringExpander code execution
12180| [74870] Apache OFBiz multiple cross-site scripting
12181| [74750] Apache Hadoop unspecified spoofing
12182| [74319] Apache Struts XSLTResult.java file upload
12183| [74313] Apache Traffic Server header buffer overflow
12184| [74276] Apache Wicket directory traversal
12185| [74273] Apache Wicket unspecified cross-site scripting
12186| [74181] Apache HTTP Server mod_fcgid module denial of service
12187| [73690] Apache Struts OGNL code execution
12188| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
12189| [73100] Apache MyFaces in directory traversal
12190| [73096] Apache APR hash denial of service
12191| [73052] Apache Struts name cross-site scripting
12192| [73030] Apache CXF UsernameToken security bypass
12193| [72888] Apache Struts lastName cross-site scripting
12194| [72758] Apache HTTP Server httpOnly information disclosure
12195| [72757] Apache HTTP Server MPM denial of service
12196| [72585] Apache Struts ParameterInterceptor security bypass
12197| [72438] Apache Tomcat Digest security bypass
12198| [72437] Apache Tomcat Digest security bypass
12199| [72436] Apache Tomcat DIGEST security bypass
12200| [72425] Apache Tomcat parameter denial of service
12201| [72422] Apache Tomcat request object information disclosure
12202| [72377] Apache HTTP Server scoreboard security bypass
12203| [72345] Apache HTTP Server HTTP request denial of service
12204| [72229] Apache Struts ExceptionDelegator command execution
12205| [72089] Apache Struts ParameterInterceptor directory traversal
12206| [72088] Apache Struts CookieInterceptor command execution
12207| [72047] Apache Geronimo hash denial of service
12208| [72016] Apache Tomcat hash denial of service
12209| [71711] Apache Struts OGNL expression code execution
12210| [71654] Apache Struts interfaces security bypass
12211| [71620] Apache ActiveMQ failover denial of service
12212| [71617] Apache HTTP Server mod_proxy module information disclosure
12213| [71508] Apache MyFaces EL security bypass
12214| [71445] Apache HTTP Server mod_proxy security bypass
12215| [71203] Apache Tomcat servlets privilege escalation
12216| [71181] Apache HTTP Server ap_pregsub() denial of service
12217| [71093] Apache HTTP Server ap_pregsub() buffer overflow
12218| [70336] Apache HTTP Server mod_proxy information disclosure
12219| [69804] Apache HTTP Server mod_proxy_ajp denial of service
12220| [69472] Apache Tomcat AJP security bypass
12221| [69396] Apache HTTP Server ByteRange filter denial of service
12222| [69394] Apache Wicket multi window support cross-site scripting
12223| [69176] Apache Tomcat XML information disclosure
12224| [69161] Apache Tomcat jsvc information disclosure
12225| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
12226| [68541] Apache Tomcat sendfile information disclosure
12227| [68420] Apache XML Security denial of service
12228| [68238] Apache Tomcat JMX information disclosure
12229| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
12230| [67804] Apache Subversion control rules information disclosure
12231| [67803] Apache Subversion control rules denial of service
12232| [67802] Apache Subversion baselined denial of service
12233| [67672] Apache Archiva multiple cross-site scripting
12234| [67671] Apache Archiva multiple cross-site request forgery
12235| [67564] Apache APR apr_fnmatch() denial of service
12236| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
12237| [67515] Apache Tomcat annotations security bypass
12238| [67480] Apache Struts s:submit information disclosure
12239| [67414] Apache APR apr_fnmatch() denial of service
12240| [67356] Apache Struts javatemplates cross-site scripting
12241| [67354] Apache Struts Xwork cross-site scripting
12242| [66676] Apache Tomcat HTTP BIO information disclosure
12243| [66675] Apache Tomcat web.xml security bypass
12244| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
12245| [66241] Apache HttpComponents information disclosure
12246| [66154] Apache Tomcat ServletSecurity security bypass
12247| [65971] Apache Tomcat ServletSecurity security bypass
12248| [65876] Apache Subversion mod_dav_svn denial of service
12249| [65343] Apache Continuum unspecified cross-site scripting
12250| [65162] Apache Tomcat NIO connector denial of service
12251| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
12252| [65160] Apache Tomcat HTML Manager interface cross-site scripting
12253| [65159] Apache Tomcat ServletContect security bypass
12254| [65050] Apache CouchDB web-based administration UI cross-site scripting
12255| [64773] Oracle HTTP Server Apache Plugin unauthorized access
12256| [64473] Apache Subversion blame -g denial of service
12257| [64472] Apache Subversion walk() denial of service
12258| [64407] Apache Axis2 CVE-2010-0219 code execution
12259| [63926] Apache Archiva password privilege escalation
12260| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
12261| [63493] Apache Archiva credentials cross-site request forgery
12262| [63477] Apache Tomcat HttpOnly session hijacking
12263| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
12264| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
12265| [62959] Apache Shiro filters security bypass
12266| [62790] Apache Perl cgi module denial of service
12267| [62576] Apache Qpid exchange denial of service
12268| [62575] Apache Qpid AMQP denial of service
12269| [62354] Apache Qpid SSL denial of service
12270| [62235] Apache APR-util apr_brigade_split_line() denial of service
12271| [62181] Apache XML-RPC SAX Parser information disclosure
12272| [61721] Apache Traffic Server cache poisoning
12273| [61202] Apache Derby BUILTIN authentication functionality information disclosure
12274| [61186] Apache CouchDB Futon cross-site request forgery
12275| [61169] Apache CXF DTD denial of service
12276| [61070] Apache Jackrabbit search.jsp SQL injection
12277| [61006] Apache SLMS Quoting cross-site request forgery
12278| [60962] Apache Tomcat time cross-site scripting
12279| [60883] Apache mod_proxy_http information disclosure
12280| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
12281| [60264] Apache Tomcat Transfer-Encoding denial of service
12282| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
12283| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
12284| [59413] Apache mod_proxy_http timeout information disclosure
12285| [59058] Apache MyFaces unencrypted view state cross-site scripting
12286| [58827] Apache Axis2 xsd file include
12287| [58790] Apache Axis2 modules cross-site scripting
12288| [58299] Apache ActiveMQ queueBrowse cross-site scripting
12289| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
12290| [58056] Apache ActiveMQ .jsp source code disclosure
12291| [58055] Apache Tomcat realm name information disclosure
12292| [58046] Apache HTTP Server mod_auth_shadow security bypass
12293| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
12294| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
12295| [57429] Apache CouchDB algorithms information disclosure
12296| [57398] Apache ActiveMQ Web console cross-site request forgery
12297| [57397] Apache ActiveMQ createDestination.action cross-site scripting
12298| [56653] Apache HTTP Server DNS spoofing
12299| [56652] Apache HTTP Server DNS cross-site scripting
12300| [56625] Apache HTTP Server request header information disclosure
12301| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
12302| [56623] Apache HTTP Server mod_proxy_ajp denial of service
12303| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
12304| [55857] Apache Tomcat WAR files directory traversal
12305| [55856] Apache Tomcat autoDeploy attribute security bypass
12306| [55855] Apache Tomcat WAR directory traversal
12307| [55210] Intuit component for Joomla! Apache information disclosure
12308| [54533] Apache Tomcat 404 error page cross-site scripting
12309| [54182] Apache Tomcat admin default password
12310| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
12311| [53666] Apache HTTP Server Solaris pollset support denial of service
12312| [53650] Apache HTTP Server HTTP basic-auth module security bypass
12313| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
12314| [53041] mod_proxy_ftp module for Apache denial of service
12315| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
12316| [51953] Apache Tomcat Path Disclosure
12317| [51952] Apache Tomcat Path Traversal
12318| [51951] Apache stronghold-status Information Disclosure
12319| [51950] Apache stronghold-info Information Disclosure
12320| [51949] Apache PHP Source Code Disclosure
12321| [51948] Apache Multiviews Attack
12322| [51946] Apache JServ Environment Status Information Disclosure
12323| [51945] Apache error_log Information Disclosure
12324| [51944] Apache Default Installation Page Pattern Found
12325| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
12326| [51942] Apache AXIS XML External Entity File Retrieval
12327| [51941] Apache AXIS Sample Servlet Information Leak
12328| [51940] Apache access_log Information Disclosure
12329| [51626] Apache mod_deflate denial of service
12330| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
12331| [51365] Apache Tomcat RequestDispatcher security bypass
12332| [51273] Apache HTTP Server Incomplete Request denial of service
12333| [51195] Apache Tomcat XML information disclosure
12334| [50994] Apache APR-util xml/apr_xml.c denial of service
12335| [50993] Apache APR-util apr_brigade_vprintf denial of service
12336| [50964] Apache APR-util apr_strmatch_precompile() denial of service
12337| [50930] Apache Tomcat j_security_check information disclosure
12338| [50928] Apache Tomcat AJP denial of service
12339| [50884] Apache HTTP Server XML ENTITY denial of service
12340| [50808] Apache HTTP Server AllowOverride privilege escalation
12341| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
12342| [50059] Apache mod_proxy_ajp information disclosure
12343| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
12344| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
12345| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
12346| [49921] Apache ActiveMQ Web interface cross-site scripting
12347| [49898] Apache Geronimo Services/Repository directory traversal
12348| [49725] Apache Tomcat mod_jk module information disclosure
12349| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
12350| [49712] Apache Struts unspecified cross-site scripting
12351| [49213] Apache Tomcat cal2.jsp cross-site scripting
12352| [48934] Apache Tomcat POST doRead method information disclosure
12353| [48211] Apache Tomcat header HTTP request smuggling
12354| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
12355| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
12356| [47709] Apache Roller "
12357| [47104] Novell Netware ApacheAdmin console security bypass
12358| [47086] Apache HTTP Server OS fingerprinting unspecified
12359| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
12360| [45791] Apache Tomcat RemoteFilterValve security bypass
12361| [44435] Oracle WebLogic Apache Connector buffer overflow
12362| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
12363| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
12364| [44156] Apache Tomcat RequestDispatcher directory traversal
12365| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
12366| [43885] Oracle WebLogic Server Apache Connector buffer overflow
12367| [42987] Apache HTTP Server mod_proxy module denial of service
12368| [42915] Apache Tomcat JSP files path disclosure
12369| [42914] Apache Tomcat MS-DOS path disclosure
12370| [42892] Apache Tomcat unspecified unauthorized access
12371| [42816] Apache Tomcat Host Manager cross-site scripting
12372| [42303] Apache 403 error cross-site scripting
12373| [41618] Apache-SSL ExpandCert() authentication bypass
12374| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
12375| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
12376| [40614] Apache mod_jk2 HTTP Host header buffer overflow
12377| [40562] Apache Geronimo init information disclosure
12378| [40478] Novell Web Manager webadmin-apache.conf security bypass
12379| [40411] Apache Tomcat exception handling information disclosure
12380| [40409] Apache Tomcat native (APR based) connector weak security
12381| [40403] Apache Tomcat quotes and %5C cookie information disclosure
12382| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
12383| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
12384| [39867] Apache HTTP Server mod_negotiation cross-site scripting
12385| [39804] Apache Tomcat SingleSignOn information disclosure
12386| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
12387| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
12388| [39608] Apache HTTP Server balancer manager cross-site request forgery
12389| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
12390| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
12391| [39472] Apache HTTP Server mod_status cross-site scripting
12392| [39201] Apache Tomcat JULI logging weak security
12393| [39158] Apache HTTP Server Windows SMB shares information disclosure
12394| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
12395| [38951] Apache::AuthCAS Perl module cookie SQL injection
12396| [38800] Apache HTTP Server 413 error page cross-site scripting
12397| [38211] Apache Geronimo SQLLoginModule authentication bypass
12398| [37243] Apache Tomcat WebDAV directory traversal
12399| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
12400| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
12401| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
12402| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
12403| [36782] Apache Geronimo MEJB unauthorized access
12404| [36586] Apache HTTP Server UTF-7 cross-site scripting
12405| [36468] Apache Geronimo LoginModule security bypass
12406| [36467] Apache Tomcat functions.jsp cross-site scripting
12407| [36402] Apache Tomcat calendar cross-site request forgery
12408| [36354] Apache HTTP Server mod_proxy module denial of service
12409| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
12410| [36336] Apache Derby lock table privilege escalation
12411| [36335] Apache Derby schema privilege escalation
12412| [36006] Apache Tomcat "
12413| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
12414| [35999] Apache Tomcat \"
12415| [35795] Apache Tomcat CookieExample cross-site scripting
12416| [35536] Apache Tomcat SendMailServlet example cross-site scripting
12417| [35384] Apache HTTP Server mod_cache module denial of service
12418| [35097] Apache HTTP Server mod_status module cross-site scripting
12419| [35095] Apache HTTP Server Prefork MPM module denial of service
12420| [34984] Apache HTTP Server recall_headers information disclosure
12421| [34966] Apache HTTP Server MPM content spoofing
12422| [34965] Apache HTTP Server MPM information disclosure
12423| [34963] Apache HTTP Server MPM multiple denial of service
12424| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
12425| [34869] Apache Tomcat JSP example Web application cross-site scripting
12426| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
12427| [34496] Apache Tomcat JK Connector security bypass
12428| [34377] Apache Tomcat hello.jsp cross-site scripting
12429| [34212] Apache Tomcat SSL configuration security bypass
12430| [34210] Apache Tomcat Accept-Language cross-site scripting
12431| [34209] Apache Tomcat calendar application cross-site scripting
12432| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
12433| [34167] Apache Axis WSDL file path disclosure
12434| [34068] Apache Tomcat AJP connector information disclosure
12435| [33584] Apache HTTP Server suEXEC privilege escalation
12436| [32988] Apache Tomcat proxy module directory traversal
12437| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
12438| [32708] Debian Apache tty privilege escalation
12439| [32441] ApacheStats extract() PHP call unspecified
12440| [32128] Apache Tomcat default account
12441| [31680] Apache Tomcat RequestParamExample cross-site scripting
12442| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
12443| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
12444| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
12445| [30456] Apache mod_auth_kerb off-by-one buffer overflow
12446| [29550] Apache mod_tcl set_var() format string
12447| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
12448| [28357] Apache HTTP Server mod_alias script source information disclosure
12449| [28063] Apache mod_rewrite off-by-one buffer overflow
12450| [27902] Apache Tomcat URL information disclosure
12451| [26786] Apache James SMTP server denial of service
12452| [25680] libapache2 /tmp/svn file upload
12453| [25614] Apache Struts lookupMap cross-site scripting
12454| [25613] Apache Struts ActionForm denial of service
12455| [25612] Apache Struts isCancelled() security bypass
12456| [24965] Apache mod_python FileSession command execution
12457| [24716] Apache James spooler memory leak denial of service
12458| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
12459| [24158] Apache Geronimo jsp-examples cross-site scripting
12460| [24030] Apache auth_ldap module multiple format strings
12461| [24008] Apache mod_ssl custom error message denial of service
12462| [24003] Apache mod_auth_pgsql module multiple syslog format strings
12463| [23612] Apache mod_imap referer field cross-site scripting
12464| [23173] Apache Struts error message cross-site scripting
12465| [22942] Apache Tomcat directory listing denial of service
12466| [22858] Apache Multi-Processing Module code allows denial of service
12467| [22602] RHSA-2005:582 updates for Apache httpd not installed
12468| [22520] Apache mod-auth-shadow "
12469| [22466] ApacheTop symlink
12470| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
12471| [22006] Apache HTTP Server byte-range filter denial of service
12472| [21567] Apache mod_ssl off-by-one buffer overflow
12473| [21195] Apache HTTP Server header HTTP request smuggling
12474| [20383] Apache HTTP Server htdigest buffer overflow
12475| [19681] Apache Tomcat AJP12 request denial of service
12476| [18993] Apache HTTP server check_forensic symlink attack
12477| [18790] Apache Tomcat Manager cross-site scripting
12478| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
12479| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
12480| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
12481| [17961] Apache Web server ServerTokens has not been set
12482| [17930] Apache HTTP Server HTTP GET request denial of service
12483| [17785] Apache mod_include module buffer overflow
12484| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
12485| [17473] Apache HTTP Server Satisfy directive allows access to resources
12486| [17413] Apache htpasswd buffer overflow
12487| [17384] Apache HTTP Server environment variable configuration file buffer overflow
12488| [17382] Apache HTTP Server IPv6 apr_util denial of service
12489| [17366] Apache HTTP Server mod_dav module LOCK denial of service
12490| [17273] Apache HTTP Server speculative mode denial of service
12491| [17200] Apache HTTP Server mod_ssl denial of service
12492| [16890] Apache HTTP Server server-info request has been detected
12493| [16889] Apache HTTP Server server-status request has been detected
12494| [16705] Apache mod_ssl format string attack
12495| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
12496| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
12497| [16230] Apache HTTP Server PHP denial of service
12498| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
12499| [15958] Apache HTTP Server authentication modules memory corruption
12500| [15547] Apache HTTP Server mod_disk_cache local information disclosure
12501| [15540] Apache HTTP Server socket starvation denial of service
12502| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
12503| [15422] Apache HTTP Server mod_access information disclosure
12504| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
12505| [15293] Apache for Cygwin "
12506| [15065] Apache-SSL has a default password
12507| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
12508| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
12509| [14751] Apache Mod_python output filter information disclosure
12510| [14125] Apache HTTP Server mod_userdir module information disclosure
12511| [14075] Apache HTTP Server mod_php file descriptor leak
12512| [13703] Apache HTTP Server account
12513| [13689] Apache HTTP Server configuration allows symlinks
12514| [13688] Apache HTTP Server configuration allows SSI
12515| [13687] Apache HTTP Server Server: header value
12516| [13685] Apache HTTP Server ServerTokens value
12517| [13684] Apache HTTP Server ServerSignature value
12518| [13672] Apache HTTP Server config allows directory autoindexing
12519| [13671] Apache HTTP Server default content
12520| [13670] Apache HTTP Server config file directive references outside content root
12521| [13668] Apache HTTP Server httpd not running in chroot environment
12522| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
12523| [13664] Apache HTTP Server config file contains ScriptAlias entry
12524| [13663] Apache HTTP Server CGI support modules loaded
12525| [13661] Apache HTTP Server config file contains AddHandler entry
12526| [13660] Apache HTTP Server 500 error page not CGI script
12527| [13659] Apache HTTP Server 413 error page not CGI script
12528| [13658] Apache HTTP Server 403 error page not CGI script
12529| [13657] Apache HTTP Server 401 error page not CGI script
12530| [13552] Apache HTTP Server mod_cgid module information disclosure
12531| [13550] Apache GET request directory traversal
12532| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
12533| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
12534| [13429] Apache Tomcat non-HTTP request denial of service
12535| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
12536| [13295] Apache weak password encryption
12537| [13254] Apache Tomcat .jsp cross-site scripting
12538| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
12539| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
12540| [12681] Apache HTTP Server mod_proxy could allow mail relaying
12541| [12662] Apache HTTP Server rotatelogs denial of service
12542| [12554] Apache Tomcat stores password in plain text
12543| [12553] Apache HTTP Server redirects and subrequests denial of service
12544| [12552] Apache HTTP Server FTP proxy server denial of service
12545| [12551] Apache HTTP Server prefork MPM denial of service
12546| [12550] Apache HTTP Server weaker than expected encryption
12547| [12549] Apache HTTP Server type-map file denial of service
12548| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
12549| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
12550| [12091] Apache HTTP Server apr_password_validate denial of service
12551| [12090] Apache HTTP Server apr_psprintf code execution
12552| [11804] Apache HTTP Server mod_access_referer denial of service
12553| [11750] Apache HTTP Server could leak sensitive file descriptors
12554| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
12555| [11703] Apache long slash path allows directory listing
12556| [11695] Apache HTTP Server LF (Line Feed) denial of service
12557| [11694] Apache HTTP Server filestat.c denial of service
12558| [11438] Apache HTTP Server MIME message boundaries information disclosure
12559| [11412] Apache HTTP Server error log terminal escape sequence injection
12560| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
12561| [11195] Apache Tomcat web.xml could be used to read files
12562| [11194] Apache Tomcat URL appended with a null character could list directories
12563| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
12564| [11126] Apache HTTP Server illegal character file disclosure
12565| [11125] Apache HTTP Server DOS device name HTTP POST code execution
12566| [11124] Apache HTTP Server DOS device name denial of service
12567| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
12568| [10938] Apache HTTP Server printenv test CGI cross-site scripting
12569| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
12570| [10575] Apache mod_php module could allow an attacker to take over the httpd process
12571| [10499] Apache HTTP Server WebDAV HTTP POST view source
12572| [10457] Apache HTTP Server mod_ssl "
12573| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
12574| [10414] Apache HTTP Server htdigest multiple buffer overflows
12575| [10413] Apache HTTP Server htdigest temporary file race condition
12576| [10412] Apache HTTP Server htpasswd temporary file race condition
12577| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
12578| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
12579| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
12580| [10280] Apache HTTP Server shared memory scorecard overwrite
12581| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
12582| [10241] Apache HTTP Server Host: header cross-site scripting
12583| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
12584| [10208] Apache HTTP Server mod_dav denial of service
12585| [10206] HP VVOS Apache mod_ssl denial of service
12586| [10200] Apache HTTP Server stderr denial of service
12587| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
12588| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
12589| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
12590| [10098] Slapper worm targets OpenSSL/Apache systems
12591| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
12592| [9875] Apache HTTP Server .var file request could disclose installation path
12593| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
12594| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
12595| [9623] Apache HTTP Server ap_log_rerror() path disclosure
12596| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
12597| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
12598| [9396] Apache Tomcat null character to threads denial of service
12599| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
12600| [9249] Apache HTTP Server chunked encoding heap buffer overflow
12601| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
12602| [8932] Apache Tomcat example class information disclosure
12603| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
12604| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
12605| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
12606| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
12607| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
12608| [8400] Apache HTTP Server mod_frontpage buffer overflows
12609| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
12610| [8308] Apache "
12611| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
12612| [8119] Apache and PHP OPTIONS request reveals "
12613| [8054] Apache is running on the system
12614| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
12615| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
12616| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
12617| [7836] Apache HTTP Server log directory denial of service
12618| [7815] Apache for Windows "
12619| [7810] Apache HTTP request could result in unexpected behavior
12620| [7599] Apache Tomcat reveals installation path
12621| [7494] Apache "
12622| [7419] Apache Web Server could allow remote attackers to overwrite .log files
12623| [7363] Apache Web Server hidden HTTP requests
12624| [7249] Apache mod_proxy denial of service
12625| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
12626| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
12627| [7059] Apache "
12628| [7057] Apache "
12629| [7056] Apache "
12630| [7055] Apache "
12631| [7054] Apache "
12632| [6997] Apache Jakarta Tomcat error message may reveal information
12633| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
12634| [6970] Apache crafted HTTP request could reveal the internal IP address
12635| [6921] Apache long slash path allows directory listing
12636| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
12637| [6527] Apache Web Server for Windows and OS2 denial of service
12638| [6316] Apache Jakarta Tomcat may reveal JSP source code
12639| [6305] Apache Jakarta Tomcat directory traversal
12640| [5926] Linux Apache symbolic link
12641| [5659] Apache Web server discloses files when used with php script
12642| [5310] Apache mod_rewrite allows attacker to view arbitrary files
12643| [5204] Apache WebDAV directory listings
12644| [5197] Apache Web server reveals CGI script source code
12645| [5160] Apache Jakarta Tomcat default installation
12646| [5099] Trustix Secure Linux installs Apache with world writable access
12647| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
12648| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
12649| [4931] Apache source.asp example file allows users to write to files
12650| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
12651| [4205] Apache Jakarta Tomcat delivers file contents
12652| [2084] Apache on Debian by default serves the /usr/doc directory
12653| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
12654| [697] Apache HTTP server beck exploit
12655| [331] Apache cookies buffer overflow
12656|
12657| Exploit-DB - https://www.exploit-db.com:
12658| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
12659| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
12660| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
12661| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
12662| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
12663| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
12664| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
12665| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
12666| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
12667| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
12668| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
12669| [29859] Apache Roller OGNL Injection
12670| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
12671| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
12672| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
12673| [29290] Apache / PHP 5.x Remote Code Execution Exploit
12674| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
12675| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
12676| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
12677| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
12678| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
12679| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
12680| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
12681| [27096] Apache Geronimo 1.0 Error Page XSS
12682| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
12683| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
12684| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
12685| [25986] Plesk Apache Zeroday Remote Exploit
12686| [25980] Apache Struts includeParams Remote Code Execution
12687| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
12688| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
12689| [24874] Apache Struts ParametersInterceptor Remote Code Execution
12690| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
12691| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
12692| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
12693| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
12694| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
12695| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
12696| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
12697| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
12698| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
12699| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
12700| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
12701| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
12702| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
12703| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
12704| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
12705| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
12706| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
12707| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
12708| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
12709| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
12710| [21719] Apache 2.0 Path Disclosure Vulnerability
12711| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
12712| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
12713| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
12714| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
12715| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
12716| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
12717| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
12718| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
12719| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
12720| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
12721| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
12722| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
12723| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
12724| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
12725| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
12726| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
12727| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
12728| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
12729| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
12730| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
12731| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
12732| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
12733| [20558] Apache 1.2 Web Server DoS Vulnerability
12734| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
12735| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
12736| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
12737| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
12738| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
12739| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
12740| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
12741| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
12742| [19231] PHP apache_request_headers Function Buffer Overflow
12743| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
12744| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
12745| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
12746| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
12747| [18442] Apache httpOnly Cookie Disclosure
12748| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
12749| [18221] Apache HTTP Server Denial of Service
12750| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
12751| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
12752| [17691] Apache Struts < 2.2.0 - Remote Command Execution
12753| [16798] Apache mod_jk 1.2.20 Buffer Overflow
12754| [16782] Apache Win32 Chunked Encoding
12755| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
12756| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
12757| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
12758| [15319] Apache 2.2 (Windows) Local Denial of Service
12759| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
12760| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
12761| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
12762| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
12763| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
12764| [12330] Apache OFBiz - Multiple XSS
12765| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
12766| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
12767| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
12768| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
12769| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
12770| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
12771| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
12772| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
12773| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12774| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
12775| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
12776| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
12777| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
12778| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
12779| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
12780| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
12781| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
12782| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
12783| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
12784| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
12785| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
12786| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
12787| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
12788| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
12789| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
12790| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
12791| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
12792| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
12793| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
12794| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
12795| [466] htpasswd Apache 1.3.31 - Local Exploit
12796| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
12797| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
12798| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
12799| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
12800| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
12801| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
12802| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
12803| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
12804| [9] Apache HTTP Server 2.x Memory Leak Exploit
12805|
12806| OpenVAS (Nessus) - http://www.openvas.org:
12807| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
12808| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
12809| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
12810| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
12811| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
12812| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
12813| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
12814| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
12815| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
12816| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
12817| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
12818| [900571] Apache APR-Utils Version Detection
12819| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
12820| [900496] Apache Tiles Multiple XSS Vulnerability
12821| [900493] Apache Tiles Version Detection
12822| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
12823| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
12824| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
12825| [870175] RedHat Update for apache RHSA-2008:0004-01
12826| [864591] Fedora Update for apache-poi FEDORA-2012-10835
12827| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
12828| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
12829| [864250] Fedora Update for apache-poi FEDORA-2012-7683
12830| [864249] Fedora Update for apache-poi FEDORA-2012-7686
12831| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
12832| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
12833| [855821] Solaris Update for Apache 1.3 122912-19
12834| [855812] Solaris Update for Apache 1.3 122911-19
12835| [855737] Solaris Update for Apache 1.3 122911-17
12836| [855731] Solaris Update for Apache 1.3 122912-17
12837| [855695] Solaris Update for Apache 1.3 122911-16
12838| [855645] Solaris Update for Apache 1.3 122912-16
12839| [855587] Solaris Update for kernel update and Apache 108529-29
12840| [855566] Solaris Update for Apache 116973-07
12841| [855531] Solaris Update for Apache 116974-07
12842| [855524] Solaris Update for Apache 2 120544-14
12843| [855494] Solaris Update for Apache 1.3 122911-15
12844| [855478] Solaris Update for Apache Security 114145-11
12845| [855472] Solaris Update for Apache Security 113146-12
12846| [855179] Solaris Update for Apache 1.3 122912-15
12847| [855147] Solaris Update for kernel update and Apache 108528-29
12848| [855077] Solaris Update for Apache 2 120543-14
12849| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
12850| [850088] SuSE Update for apache2 SUSE-SA:2007:061
12851| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
12852| [841209] Ubuntu Update for apache2 USN-1627-1
12853| [840900] Ubuntu Update for apache2 USN-1368-1
12854| [840798] Ubuntu Update for apache2 USN-1259-1
12855| [840734] Ubuntu Update for apache2 USN-1199-1
12856| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
12857| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
12858| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
12859| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
12860| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
12861| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
12862| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
12863| [835253] HP-UX Update for Apache Web Server HPSBUX02645
12864| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
12865| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
12866| [835236] HP-UX Update for Apache with PHP HPSBUX02543
12867| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
12868| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
12869| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
12870| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
12871| [835188] HP-UX Update for Apache HPSBUX02308
12872| [835181] HP-UX Update for Apache With PHP HPSBUX02332
12873| [835180] HP-UX Update for Apache with PHP HPSBUX02342
12874| [835172] HP-UX Update for Apache HPSBUX02365
12875| [835168] HP-UX Update for Apache HPSBUX02313
12876| [835148] HP-UX Update for Apache HPSBUX01064
12877| [835139] HP-UX Update for Apache with PHP HPSBUX01090
12878| [835131] HP-UX Update for Apache HPSBUX00256
12879| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
12880| [835104] HP-UX Update for Apache HPSBUX00224
12881| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
12882| [835101] HP-UX Update for Apache HPSBUX01232
12883| [835080] HP-UX Update for Apache HPSBUX02273
12884| [835078] HP-UX Update for ApacheStrong HPSBUX00255
12885| [835044] HP-UX Update for Apache HPSBUX01019
12886| [835040] HP-UX Update for Apache PHP HPSBUX00207
12887| [835025] HP-UX Update for Apache HPSBUX00197
12888| [835023] HP-UX Update for Apache HPSBUX01022
12889| [835022] HP-UX Update for Apache HPSBUX02292
12890| [835005] HP-UX Update for Apache HPSBUX02262
12891| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
12892| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
12893| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
12894| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
12895| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
12896| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
12897| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
12898| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
12899| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
12900| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
12901| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
12902| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
12903| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
12904| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
12905| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
12906| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
12907| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
12908| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
12909| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
12910| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
12911| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
12912| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
12913| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
12914| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
12915| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
12916| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
12917| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
12918| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
12919| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
12920| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
12921| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12922| [801942] Apache Archiva Multiple Vulnerabilities
12923| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
12924| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
12925| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
12926| [801284] Apache Derby Information Disclosure Vulnerability
12927| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
12928| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
12929| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
12930| [800680] Apache APR Version Detection
12931| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12932| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12933| [800677] Apache Roller Version Detection
12934| [800279] Apache mod_jk Module Version Detection
12935| [800278] Apache Struts Cross Site Scripting Vulnerability
12936| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
12937| [800276] Apache Struts Version Detection
12938| [800271] Apache Struts Directory Traversal Vulnerability
12939| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
12940| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12941| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12942| [103122] Apache Web Server ETag Header Information Disclosure Weakness
12943| [103074] Apache Continuum Cross Site Scripting Vulnerability
12944| [103073] Apache Continuum Detection
12945| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12946| [101023] Apache Open For Business Weak Password security check
12947| [101020] Apache Open For Business HTML injection vulnerability
12948| [101019] Apache Open For Business service detection
12949| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
12950| [100923] Apache Archiva Detection
12951| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12952| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12953| [100813] Apache Axis2 Detection
12954| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12955| [100795] Apache Derby Detection
12956| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
12957| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12958| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12959| [100514] Apache Multiple Security Vulnerabilities
12960| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12961| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12962| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12963| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12964| [72626] Debian Security Advisory DSA 2579-1 (apache2)
12965| [72612] FreeBSD Ports: apache22
12966| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
12967| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
12968| [71512] FreeBSD Ports: apache
12969| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
12970| [71256] Debian Security Advisory DSA 2452-1 (apache2)
12971| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
12972| [70737] FreeBSD Ports: apache
12973| [70724] Debian Security Advisory DSA 2405-1 (apache2)
12974| [70600] FreeBSD Ports: apache
12975| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
12976| [70235] Debian Security Advisory DSA 2298-2 (apache2)
12977| [70233] Debian Security Advisory DSA 2298-1 (apache2)
12978| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
12979| [69338] Debian Security Advisory DSA 2202-1 (apache2)
12980| [67868] FreeBSD Ports: apache
12981| [66816] FreeBSD Ports: apache
12982| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
12983| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
12984| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
12985| [66081] SLES11: Security update for Apache 2
12986| [66074] SLES10: Security update for Apache 2
12987| [66070] SLES9: Security update for Apache 2
12988| [65998] SLES10: Security update for apache2-mod_python
12989| [65893] SLES10: Security update for Apache 2
12990| [65888] SLES10: Security update for Apache 2
12991| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
12992| [65510] SLES9: Security update for Apache 2
12993| [65472] SLES9: Security update for Apache
12994| [65467] SLES9: Security update for Apache
12995| [65450] SLES9: Security update for apache2
12996| [65390] SLES9: Security update for Apache2
12997| [65363] SLES9: Security update for Apache2
12998| [65309] SLES9: Security update for Apache and mod_ssl
12999| [65296] SLES9: Security update for webdav apache module
13000| [65283] SLES9: Security update for Apache2
13001| [65249] SLES9: Security update for Apache 2
13002| [65230] SLES9: Security update for Apache 2
13003| [65228] SLES9: Security update for Apache 2
13004| [65212] SLES9: Security update for apache2-mod_python
13005| [65209] SLES9: Security update for apache2-worker
13006| [65207] SLES9: Security update for Apache 2
13007| [65168] SLES9: Security update for apache2-mod_python
13008| [65142] SLES9: Security update for Apache2
13009| [65136] SLES9: Security update for Apache 2
13010| [65132] SLES9: Security update for apache
13011| [65131] SLES9: Security update for Apache 2 oes/CORE
13012| [65113] SLES9: Security update for apache2
13013| [65072] SLES9: Security update for apache and mod_ssl
13014| [65017] SLES9: Security update for Apache 2
13015| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
13016| [64783] FreeBSD Ports: apache
13017| [64774] Ubuntu USN-802-2 (apache2)
13018| [64653] Ubuntu USN-813-2 (apache2)
13019| [64559] Debian Security Advisory DSA 1834-2 (apache2)
13020| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
13021| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
13022| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
13023| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
13024| [64443] Ubuntu USN-802-1 (apache2)
13025| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
13026| [64423] Debian Security Advisory DSA 1834-1 (apache2)
13027| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
13028| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
13029| [64251] Debian Security Advisory DSA 1816-1 (apache2)
13030| [64201] Ubuntu USN-787-1 (apache2)
13031| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
13032| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
13033| [63565] FreeBSD Ports: apache
13034| [63562] Ubuntu USN-731-1 (apache2)
13035| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
13036| [61185] FreeBSD Ports: apache
13037| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
13038| [60387] Slackware Advisory SSA:2008-045-02 apache
13039| [58826] FreeBSD Ports: apache-tomcat
13040| [58825] FreeBSD Ports: apache-tomcat
13041| [58804] FreeBSD Ports: apache
13042| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
13043| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
13044| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
13045| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
13046| [57335] Debian Security Advisory DSA 1167-1 (apache)
13047| [57201] Debian Security Advisory DSA 1131-1 (apache)
13048| [57200] Debian Security Advisory DSA 1132-1 (apache2)
13049| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
13050| [57145] FreeBSD Ports: apache
13051| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
13052| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
13053| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
13054| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
13055| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
13056| [56067] FreeBSD Ports: apache
13057| [55803] Slackware Advisory SSA:2005-310-04 apache
13058| [55519] Debian Security Advisory DSA 839-1 (apachetop)
13059| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
13060| [55355] FreeBSD Ports: apache
13061| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
13062| [55261] Debian Security Advisory DSA 805-1 (apache2)
13063| [55259] Debian Security Advisory DSA 803-1 (apache)
13064| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
13065| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
13066| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
13067| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
13068| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
13069| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
13070| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
13071| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
13072| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
13073| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
13074| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
13075| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
13076| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
13077| [54439] FreeBSD Ports: apache
13078| [53931] Slackware Advisory SSA:2004-133-01 apache
13079| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
13080| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
13081| [53878] Slackware Advisory SSA:2003-308-01 apache security update
13082| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
13083| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
13084| [53848] Debian Security Advisory DSA 131-1 (apache)
13085| [53784] Debian Security Advisory DSA 021-1 (apache)
13086| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
13087| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
13088| [53735] Debian Security Advisory DSA 187-1 (apache)
13089| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
13090| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
13091| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
13092| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
13093| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
13094| [53282] Debian Security Advisory DSA 594-1 (apache)
13095| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
13096| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
13097| [53215] Debian Security Advisory DSA 525-1 (apache)
13098| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
13099| [52529] FreeBSD Ports: apache+ssl
13100| [52501] FreeBSD Ports: apache
13101| [52461] FreeBSD Ports: apache
13102| [52390] FreeBSD Ports: apache
13103| [52389] FreeBSD Ports: apache
13104| [52388] FreeBSD Ports: apache
13105| [52383] FreeBSD Ports: apache
13106| [52339] FreeBSD Ports: apache+mod_ssl
13107| [52331] FreeBSD Ports: apache
13108| [52329] FreeBSD Ports: ru-apache+mod_ssl
13109| [52314] FreeBSD Ports: apache
13110| [52310] FreeBSD Ports: apache
13111| [15588] Detect Apache HTTPS
13112| [15555] Apache mod_proxy content-length buffer overflow
13113| [15554] Apache mod_include priviledge escalation
13114| [14771] Apache <= 1.3.33 htpasswd local overflow
13115| [14177] Apache mod_access rule bypass
13116| [13644] Apache mod_rootme Backdoor
13117| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
13118| [12280] Apache Connection Blocking Denial of Service
13119| [12239] Apache Error Log Escape Sequence Injection
13120| [12123] Apache Tomcat source.jsp malformed request information disclosure
13121| [12085] Apache Tomcat servlet/JSP container default files
13122| [11438] Apache Tomcat Directory Listing and File disclosure
13123| [11204] Apache Tomcat Default Accounts
13124| [11092] Apache 2.0.39 Win32 directory traversal
13125| [11046] Apache Tomcat TroubleShooter Servlet Installed
13126| [11042] Apache Tomcat DOS Device Name XSS
13127| [11041] Apache Tomcat /servlet Cross Site Scripting
13128| [10938] Apache Remote Command Execution via .bat files
13129| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
13130| [10773] MacOS X Finder reveals contents of Apache Web files
13131| [10766] Apache UserDir Sensitive Information Disclosure
13132| [10756] MacOS X Finder reveals contents of Apache Web directories
13133| [10752] Apache Auth Module SQL Insertion Attack
13134| [10704] Apache Directory Listing
13135| [10678] Apache /server-info accessible
13136| [10677] Apache /server-status accessible
13137| [10440] Check for Apache Multiple / vulnerability
13138|
13139| SecurityTracker - https://www.securitytracker.com:
13140| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
13141| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13142| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
13143| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
13144| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13145| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13146| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13147| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
13148| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
13149| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
13150| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13151| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
13152| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
13153| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
13154| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
13155| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
13156| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
13157| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
13158| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
13159| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
13160| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
13161| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
13162| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
13163| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13164| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
13165| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13166| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13167| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
13168| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
13169| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
13170| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
13171| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
13172| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13173| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13174| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13175| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13176| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13177| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13178| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13179| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13180| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13181| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13182| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13183| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13184| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13185| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13186| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13187| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13188| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13189| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13190| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13191| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13192| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13193| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13194| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13195| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13196| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13197| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13198| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13199| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13200| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13201| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13202| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13203| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13204| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13205| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13206| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13207| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13208| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13209| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13210| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13211| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13212| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13213| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13214| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13215| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13216| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13217| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13218| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13219| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13220| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13221| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13222| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13223| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13224| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13225| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13226| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13227| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13228| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
13229| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
13230| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
13231| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
13232| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
13233| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
13234| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
13235| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
13236| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
13237| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
13238| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
13239| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
13240| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
13241| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
13242| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
13243| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
13244| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
13245| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
13246| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
13247| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
13248| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
13249| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
13250| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
13251| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
13252| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13253| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13254| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13255| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13256| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13257| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13258| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13259| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13260| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13261| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13262| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13263| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13264| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13265| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13266| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13267| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13268| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13269| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13270| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13271| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13272| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13273| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13274| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13275| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13276| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13277| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13278| [1008920] Apache mod_digest May Validate Replayed Client Responses
13279| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13280| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13281| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13282| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13283| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13284| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13285| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13286| [1008029] Apache mod_alias Contains a Buffer Overflow
13287| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13288| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13289| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13290| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13291| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13292| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13293| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13294| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13295| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13296| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13297| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13298| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13299| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13300| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13301| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13302| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13303| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13304| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13305| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13306| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13307| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13308| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13309| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13310| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13311| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13312| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13313| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13314| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13315| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13316| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13317| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13318| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13319| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13320| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13321| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13322| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13323| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13324| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13325| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13326| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13327| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13328| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13329| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13330| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13331| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13332| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13333| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13334| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13335| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13336| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13337| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13338| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13339| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13340| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13341| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13342| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13343|
13344| OSVDB - http://www.osvdb.org:
13345| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13346| [96077] Apache CloudStack Global Settings Multiple Field XSS
13347| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13348| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13349| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13350| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13351| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13352| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13353| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13354| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13355| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13356| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13357| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13358| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13359| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13360| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13361| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13362| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13363| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13364| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13365| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13366| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13367| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13368| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13369| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13370| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13371| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
13768| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
13769| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
13770| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
13771| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
13772| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
13773| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
13774| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
13775| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
13776| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
13777| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
13778| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
13779| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
13780| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
13781| [58974] Apache Sling /apps Script User Session Management Access Weakness
13782| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
13783| [58931] Apache Geronimo Cookie Parameters Validation Weakness
13784| [58930] Apache Xalan-C++ XPath Handling Remote DoS
13785| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
13786| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
13787| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
13788| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
13789| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
13790| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
13791| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
13792| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
13793| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
13794| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
13795| [58805] Apache Derby Unauthenticated Database / Admin Access
13796| [58804] Apache Wicket Header Contribution Unspecified Issue
13797| [58803] Apache Wicket Session Fixation
13798| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
13799| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
13800| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
13801| [58799] Apache Tapestry Logging Cleartext Password Disclosure
13802| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
13803| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
13804| [58796] Apache Jetspeed Unsalted Password Storage Weakness
13805| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
13806| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
13807| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
13808| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
13809| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
13810| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
13811| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
13812| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
13813| [58775] Apache JSPWiki preview.jsp action Parameter XSS
13814| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13815| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
13816| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
13817| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
13818| [58770] Apache JSPWiki Group.jsp group Parameter XSS
13819| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
13820| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
13821| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
13822| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
13823| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13824| [58763] Apache JSPWiki Include Tag Multiple Script XSS
13825| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
13826| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
13827| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
13828| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
13829| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
13830| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
13831| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
13832| [58755] Apache Harmony DRLVM Non-public Class Member Access
13833| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
13834| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
13835| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
13836| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
13837| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
13838| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
13839| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
13840| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
13841| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
13842| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
13843| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
13844| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
13845| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
13846| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
13847| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
13848| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
13849| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
13850| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
13851| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
13852| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
13853| [58725] Apache Tapestry Basic String ACL Bypass Weakness
13854| [58724] Apache Roller Logout Functionality Failure Session Persistence
13855| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
13856| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
13857| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
13858| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
13859| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
13860| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
13861| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
13862| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
13863| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
13864| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
13865| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
13866| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
13867| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
13868| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
13869| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
13870| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
13871| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
13872| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
13873| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
13874| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
13875| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
13876| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
13877| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
13878| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
13879| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
13880| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
13881| [58687] Apache Axis Invalid wsdl Request XSS
13882| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
13883| [58685] Apache Velocity Template Designer Privileged Code Execution
13884| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
13885| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
13886| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
13887| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
13888| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
13889| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
13890| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
13891| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
13892| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
13893| [58667] Apache Roller Database Cleartext Passwords Disclosure
13894| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
13895| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
13896| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
13897| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
13898| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
13899| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
13900| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
13901| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
13902| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
13903| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
13904| [56984] Apache Xerces2 Java Malformed XML Input DoS
13905| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
13906| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
13907| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
13908| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
13909| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
13910| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
13911| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
13912| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
13913| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
13914| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
13915| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
13916| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
13917| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13918| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13919| [55056] Apache Tomcat Cross-application TLD File Manipulation
13920| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
13921| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
13922| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
13923| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
13924| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
13925| [54589] Apache Jserv Nonexistent JSP Request XSS
13926| [54122] Apache Struts s:a / s:url Tag href Element XSS
13927| [54093] Apache ActiveMQ Web Console JMS Message XSS
13928| [53932] Apache Geronimo Multiple Admin Function CSRF
13929| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
13930| [53930] Apache Geronimo /console/portal/ URI XSS
13931| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
13932| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
13933| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
13934| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
13935| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
13936| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
13937| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
13938| [53380] Apache Struts Unspecified XSS
13939| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
13940| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
13941| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
13942| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
13943| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
13944| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
13945| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
13946| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
13947| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
13948| [51151] Apache Roller Search Function q Parameter XSS
13949| [50482] PHP with Apache php_value Order Unspecified Issue
13950| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
13951| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
13952| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
13953| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
13954| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
13955| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
13956| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
13957| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
13958| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
13959| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
13960| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
13961| [47096] Oracle Weblogic Apache Connector POST Request Overflow
13962| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
13963| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
13964| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
13965| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
13966| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
13967| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
13968| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
13969| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
13970| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
13971| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
13972| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
13973| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
13974| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
13975| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
13976| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
13977| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
13978| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
13979| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
13980| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
13981| [43452] Apache Tomcat HTTP Request Smuggling
13982| [43309] Apache Geronimo LoginModule Login Method Bypass
13983| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
13984| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
13985| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
13986| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
13987| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
13988| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
13989| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
13990| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
13991| [42091] Apache Maven Site Plugin Installation Permission Weakness
13992| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13993| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
13994| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
13995| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
13996| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
13997| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
13998| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
13999| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
14000| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
14001| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
14002| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
14003| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
14004| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
14005| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14006| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
14007| [40262] Apache HTTP Server mod_status refresh XSS
14008| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
14009| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
14010| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
14011| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
14012| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
14013| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
14014| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
14015| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
14016| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
14017| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
14018| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
14019| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
14020| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
14021| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
14022| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
14023| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
14024| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
14025| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
14026| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
14027| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
14028| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
14029| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
14030| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
14031| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
14032| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
14033| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
14034| [36080] Apache Tomcat JSP Examples Crafted URI XSS
14035| [36079] Apache Tomcat Manager Uploaded Filename XSS
14036| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
14037| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
14038| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
14039| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
14040| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
14041| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
14042| [34881] Apache Tomcat Malformed Accept-Language Header XSS
14043| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
14044| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
14045| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14046| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
14047| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
14048| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
14049| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
14050| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
14051| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
14052| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
14053| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
14054| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
14055| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
14056| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
14057| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
14058| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
14059| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
14060| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
14061| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14062| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14063| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14064| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14065| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14066| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14067| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14068| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14069| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14070| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14071| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14072| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14073| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14074| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14075| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14076| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14077| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14078| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14079| [24365] Apache Struts Multiple Function Error Message XSS
14080| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14081| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14082| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14083| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14084| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14085| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14086| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14087| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14088| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14089| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14090| [22459] Apache Geronimo Error Page XSS
14091| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14092| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14093| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14094| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14095| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14096| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14097| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
445/tcp closed microsoft-ds
8008/tcp open http
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 302 Found
| Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
| Connection: close
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block
| X-Content-Type-Options: nosniff
| Content-Security-Policy: frame-ancestors
| GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
| HTTP/1.1 302 Found
| Location: https://:8010
| Connection: close
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block
| X-Content-Type-Options: nosniff
| Content-Security-Policy: frame-ancestors
| GetRequest:
| HTTP/1.1 302 Found
| Location: https://:8010/
| Connection: close
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block
| X-Content-Type-Options: nosniff
|_ Content-Security-Policy: frame-ancestors
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.16 - 4.6 (89%), Linux 3.2.0 (89%), Linux 3.11 - 4.1 (87%), Linux 4.4 (87%), Linux 3.10 - 4.11 (86%), Linux 3.13 (86%), Linux 3.13 or 4.2 (86%), Linux 4.2 (86%), Linux 3.18 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.100 days (since Sat Aug 10 01:48:27 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 210.28 ms 10.248.200.1
2 210.26 ms ruh-firewall.shabakah.net.sa (212.102.11.2)

NSE: Script Post-scanning.
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-11 04:11 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:11
Completed Parallel DNS resolution of 1 host. at 04:11, 0.02s elapsed
Initiating UDP Scan at 04:11
Scanning ruh-firewall.shabakah.net.sa (212.102.11.2) [15 ports]
Completed UDP Scan at 04:12, 4.01s elapsed (15 total ports)
Initiating Service scan at 04:12
Scanning 13 services on ruh-firewall.shabakah.net.sa (212.102.11.2)
Service scan Timing: About 7.69% done; ETC: 04:33 (0:19:36 remaining)
Completed Service scan at 04:13, 102.60s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against ruh-firewall.shabakah.net.sa (212.102.11.2)
Retrying OS detection (try #2) against ruh-firewall.shabakah.net.sa (212.102.11.2)
Initiating Traceroute at 04:13
Completed Traceroute at 04:14, 7.45s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:14
Completed Parallel DNS resolution of 1 host. at 04:14, 0.00s elapsed
NSE: Script scanning 212.102.11.2.
Initiating NSE at 04:14
Completed NSE at 04:14, 8.47s elapsed
Initiating NSE at 04:14
Completed NSE at 04:14, 2.69s elapsed
Nmap scan report for ruh-firewall.shabakah.net.sa (212.102.11.2)
Host is up (0.34s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 ... 3
4 208.33 ms 10.248.200.1
5 210.15 ms 10.248.200.1
6 210.12 ms 10.248.200.1
7 209.98 ms 10.248.200.1
8 209.32 ms 10.248.200.1
9 209.31 ms 10.248.200.1
10 209.31 ms 10.248.200.1
11 ... 15
16 204.22 ms 10.248.200.1
17 ... 18
19 204.32 ms 10.248.200.1
20 203.48 ms 10.248.200.1
21 209.12 ms 10.248.200.1
22 ... 29
30 204.55 ms 10.248.200.1

NSE: Script Post-scanning.
Initiating NSE at 04:14
Completed NSE at 04:14, 0.00s elapsed
Initiating NSE at 04:14
Completed NSE at 04:14, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 136.17 seconds
 Raw packets sent: 138 (8.476KB) | Rcvd: 157 (56.175KB)
#######################################################################################################################################
 Anonymous JTSEC #OpSaudiArabia Full Recon #11