· 6 years ago · Dec 20, 2019, 12:42 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.escueladesuboficiales.cl ISP Microsoft Corporation
4Continent South America Flag
5BR
6Country Brazil Country Code BR
7Region Sao Paulo Local time 17 Dec 2019 19:01 -03
8City Campinas Postal Code Unknown
9IP Address 191.234.162.247 Latitude -22.908
10 Longitude -47.07
11=======================================================================================================================================
12#######################################################################################################################################
13> www.escueladesuboficiales.cl
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18www.escueladesuboficiales.cl canonical name = suboficiales.cloudapp.net.
19Name: suboficiales.cloudapp.net
20Address: 191.234.162.247
21>
22###################################################################################################################################
23Domain name: escueladesuboficiales.cl
24Registrant name: Escuela de Suboficiales del Ejército
25Registrant organisation:
26Registrar name: NIC Chile
27Registrar URL: https://www.nic.cl
28Creation date: 2000-06-07 17:49:33 CLST
29Expiration date: 2020-07-05 13:49:33 CLST
30Name server: pdns13.domaincontrol.com
31Name server: pdns14.domaincontrol.com
32###################################################################################################################################
33[i] Scanning Site: https://www.escueladesuboficiales.cl
34
35
36
37B A S I C I N F O
38====================
39
40
41[+] Site Title:
42[+] IP address: 191.234.162.247
43[+] Web Server: Could Not Detect
44[+] CMS: Could Not Detect
45[+] Cloudflare: Not Detected
46[+] Robots File: Could NOT Find robots.txt!
47
48
49
50
51W H O I S L O O K U P
52========================
53
54 %%
55%% This is the NIC Chile Whois server (whois.nic.cl).
56%%
57%% Rights restricted by copyright.
58%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
59%%
60
61Domain name: escueladesuboficiales.cl
62Registrant name: Escuela de Suboficiales del Ejército
63Registrant organisation:
64Registrar name: NIC Chile
65Registrar URL: https://www.nic.cl
66Creation date: 2000-06-07 17:49:33 CLST
67Expiration date: 2020-07-05 13:49:33 CLST
68Name server: pdns13.domaincontrol.com
69Name server: pdns14.domaincontrol.com
70
71%%
72%% For communication with domain contacts please use website.
73%% See https://www.nic.cl/registry/Whois.do?d=escueladesuboficiales.cl
74%%
75
76
77
78
79G E O I P L O O K U P
80=========================
81
82[i] IP Address: 200.29.72.36
83[i] Country: Chile
84[i] State:
85[i] City:
86[i] Latitude: -33.4378
87[i] Longitude: -70.6503
88
89
90
91
92H T T P H E A D E R S
93=======================
94
95
96
97
98
99
100D N S L O O K U P
101===================
102
103escueladesuboficiales.cl. 599 IN A 184.168.221.36
104escueladesuboficiales.cl. 599 IN A 200.29.72.36
105escueladesuboficiales.cl. 3599 IN NS pdns13.domaincontrol.com.
106escueladesuboficiales.cl. 3599 IN NS pdns14.domaincontrol.com.
107escueladesuboficiales.cl. 3599 IN SOA pdns13.domaincontrol.com. dns.jomax.net. 2019101700 28800 7200 604800 600
108escueladesuboficiales.cl. 3599 IN MX 0 barracuda.netglobalis.net.
109escueladesuboficiales.cl. 3599 IN TXT "MS=ms87801505"
110escueladesuboficiales.cl. 3599 IN TXT "v=spf1 a mx ip4:200.29.72.34 ~all"
111escueladesuboficiales.cl. 3599 IN TXT "c3uoadft14gfrous4nr71p7cha"
112
113
114
115
116S U B N E T C A L C U L A T I O N
117====================================
118
119Address = 200.29.72.36
120Network = 200.29.72.36 / 32
121Netmask = 255.255.255.255
122Broadcast = not needed on Point-to-Point links
123Wildcard Mask = 0.0.0.0
124Hosts Bits = 0
125Max. Hosts = 1 (2^0 - 0)
126Host Range = { 200.29.72.36 - 200.29.72.36 }
127
128
129
130N M A P P O R T S C A N
131============================
132
133Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-20 11:17 UTC
134Nmap scan report for escueladesuboficiales.cl (184.168.221.36)
135Host is up.
136Other addresses for escueladesuboficiales.cl (not scanned): 200.29.72.36
137rDNS record for 184.168.221.36: ip-184-168-221-36.ip.secureserver.net
138
139PORT STATE SERVICE
14021/tcp filtered ftp
14122/tcp filtered ssh
14223/tcp filtered telnet
14380/tcp filtered http
144110/tcp filtered pop3
145143/tcp filtered imap
146443/tcp filtered https
1473389/tcp filtered ms-wbt-server
148
149Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds
150
151######################################################################################################################################
152[INFO] ------TARGET info------
153[*] TARGET: https://www.escueladesuboficiales.cl/
154[*] TARGET IP: 191.234.162.247
155[INFO] NO load balancer detected for www.escueladesuboficiales.cl...
156[*] DNS servers: suboficiales.cloudapp.net. prd1.azuredns-cloud.net.
157[*] TARGET server: Apache
158[*] CC: BR
159[*] Country: Brazil
160[*] RegionCode: SP
161[*] RegionName: Sao Paulo
162[*] City: São Paulo
163[*] ASN: AS8075
164[*] BGP_PREFIX: 191.232.0.0/13
165[*] ISP: MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
166[INFO] SSL/HTTPS certificate detected
167[*] Issuer: issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
168[*] Subject: subject=OU = Domain Control Validated, CN = www.escueladesuboficiales.cl
169[INFO] DNS enumeration:
170[*] ftp.escueladesuboficiales.cl 200.2.201.53
171[*] mail.escueladesuboficiales.cl 200.29.72.34
172[INFO] Possible abuse mails are:
173[*] abuse@afraid.org
174[*] report_spam@hotmail.com
175[INFO] NO PAC (Proxy Auto Configuration) file FOUND
176[INFO] Starting FUZZing in http://www.escueladesuboficiales.cl/FUzZzZzZzZz...
177[INFO] Status code Folders
178[*] 301 http://www.escueladesuboficiales.cl/index
179[*] 301 http://www.escueladesuboficiales.cl/images
180[*] 301 http://www.escueladesuboficiales.cl/download
181[*] 301 http://www.escueladesuboficiales.cl/2006
182[*] 301 http://www.escueladesuboficiales.cl/news
183[*] 301 http://www.escueladesuboficiales.cl/crack
184[*] 301 http://www.escueladesuboficiales.cl/serial
185[*] 301 http://www.escueladesuboficiales.cl/warez
186[*] 301 http://www.escueladesuboficiales.cl/full
187[*] 301 http://www.escueladesuboficiales.cl/12
188[INFO] NO passwords found in source code
189[INFO] SAME content in http://www.escueladesuboficiales.cl/ AND http://191.234.162.247/
190
191Recherche www.escueladesuboficiales.cl
192Connexion HTTPS à www.escueladesuboficiales.cl
193
194lynx : accès impossible au fichier de départ https://www.escueladesuboficiales.cl/
195[INFO] Links found from https://www.escueladesuboficiales.cl/:
196cut: intervalle de champ incorrecte
197Saisissez « cut --help » pour plus d'informations.
198[INFO] Shodan detected the following opened ports on 191.234.162.247:
199[*] 21
200[*] 22
201[*] 443
202[*] 80
203[INFO] ------VirusTotal SECTION------
204[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
205[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
206[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
207[INFO] ------Alexa Rank SECTION------
208[INFO] Percent of Visitors Rank in Country:
209[INFO] Percent of Search Traffic:
210[INFO] Percent of Unique Visits:
211[INFO] Total Sites Linking In:
212[*] Total Sites
213[INFO] Useful links related to www.escueladesuboficiales.cl - 191.234.162.247:
214[*] https://www.virustotal.com/pt/ip-address/191.234.162.247/information/
215[*] https://www.hybrid-analysis.com/search?host=191.234.162.247
216[*] https://www.shodan.io/host/191.234.162.247
217[*] https://www.senderbase.org/lookup/?search_string=191.234.162.247
218[*] https://www.alienvault.com/open-threat-exchange/ip/191.234.162.247
219[*] http://pastebin.com/search?q=191.234.162.247
220[*] http://urlquery.net/search.php?q=191.234.162.247
221[*] http://www.alexa.com/siteinfo/www.escueladesuboficiales.cl
222[*] http://www.google.com/safebrowsing/diagnostic?site=www.escueladesuboficiales.cl
223[*] https://censys.io/ipv4/191.234.162.247
224[*] https://www.abuseipdb.com/check/191.234.162.247
225[*] https://urlscan.io/search/#191.234.162.247
226[*] https://github.com/search?q=191.234.162.247&type=Code
227[INFO] Useful links related to AS8075 - 191.232.0.0/13:
228[*] http://www.google.com/safebrowsing/diagnostic?site=AS:8075
229[*] https://www.senderbase.org/lookup/?search_string=191.232.0.0/13
230[*] http://bgp.he.net/AS8075
231[*] https://stat.ripe.net/AS8075
232[INFO] Date: 20/12/19 | Time: 06:20:18
233[INFO] Total time: 2 minute(s) and 47 second(s)
234#######################################################################################################################################
235Trying "escueladesuboficiales.cl"
236;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42205
237;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 2
238
239;; QUESTION SECTION:
240;escueladesuboficiales.cl. IN ANY
241
242;; ANSWER SECTION:
243escueladesuboficiales.cl. 3600 IN TXT "MS=ms87801505"
244escueladesuboficiales.cl. 3600 IN TXT "c3uoadft14gfrous4nr71p7cha"
245escueladesuboficiales.cl. 3600 IN TXT "v=spf1 a mx ip4:200.29.72.34 ~all"
246escueladesuboficiales.cl. 3600 IN MX 0 barracuda.netglobalis.net.
247escueladesuboficiales.cl. 3600 IN SOA pdns13.domaincontrol.com. dns.jomax.net. 2019101700 28800 7200 604800 600
248escueladesuboficiales.cl. 600 IN A 200.29.72.36
249escueladesuboficiales.cl. 600 IN A 50.63.202.46
250escueladesuboficiales.cl. 3600 IN NS pdns13.domaincontrol.com.
251escueladesuboficiales.cl. 3600 IN NS pdns14.domaincontrol.com.
252
253;; ADDITIONAL SECTION:
254pdns13.domaincontrol.com. 19711 IN A 97.74.110.56
255pdns14.domaincontrol.com. 14727 IN A 173.201.78.56
256
257Received 363 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 66 ms
258#######################################################################################################################################
259
260; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace escueladesuboficiales.cl any
261;; global options: +cmd
262. 83134 IN NS d.root-servers.net.
263. 83134 IN NS h.root-servers.net.
264. 83134 IN NS f.root-servers.net.
265. 83134 IN NS k.root-servers.net.
266. 83134 IN NS j.root-servers.net.
267. 83134 IN NS l.root-servers.net.
268. 83134 IN NS i.root-servers.net.
269. 83134 IN NS g.root-servers.net.
270. 83134 IN NS b.root-servers.net.
271. 83134 IN NS m.root-servers.net.
272. 83134 IN NS e.root-servers.net.
273. 83134 IN NS a.root-servers.net.
274. 83134 IN NS c.root-servers.net.
275. 83134 IN RRSIG NS 8 0 518400 20200101190000 20191219180000 22545 . fzcoCE6wzG7h50tkVBJ5LD8TNSlc7J/yUe9KKgcAt3S6MuBzzrxbFbeO 9Z30o9hdc/xlSu5BGLbVDAQVQKtIAjk67zQljOMcfYYASlxfnvLcdXa3 60JK0jNmwF5fmLkCKz3GWVLSlEgSVwOsgOfqUiK5y9l2kLpe56wmXHxg a/HSB5cghpGSvbvFcsVNNCn/WSH/l3NkSvlG5JZzQqH8FfYwT8msr8kQ gwKqC1l9ATL9fUIWGU5o4U2FVHg+GdYOOY5z9xxSy8x8TtKy7Z2rLu15 HQnO20n2jWO6pckNxb78na/MBYbNwEGkpkbusVFfB8KRqDfyKqlEdrsq KE7jUQ==
276;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 384 ms
277
278cl. 172800 IN NS c.nic.cl.
279cl. 172800 IN NS b.nic.cl.
280cl. 172800 IN NS cl1-tld.d-zone.ca.
281cl. 172800 IN NS a.nic.cl.
282cl. 172800 IN NS cl2-tld.d-zone.ca.
283cl. 172800 IN NS cl1.dnsnode.net.
284cl. 172800 IN NS cl-ns.anycast.pch.net.
285cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
286cl. 86400 IN RRSIG DS 8 1 86400 20200101190000 20191219180000 22545 . i28PK8UEYnUmmwnvXzlXkNa+pPWSyCupzfiBIhwDBnCirzTVR0fOgNf5 3uKShLbqLEQRrKr2KMEhqJYajisVJinwsOICeQWK2ZCKIn5gSSuTEvln Im8n9FT3WdaP4qMwYmls4ajDHrXfdFBru1VirtfNltPRGyYbz1gy7sM0 HqxemuZdXUfuGDhJoFk9iZPnfWxqOAucDlGsmuxrZQbFcuborlmxqhcF QeZGHptTtSB1z3JpGSGydMzuOw1PV+wxEblwmpAm3frCJv/z2oGkVl5v s4lgPzTi0/VT48o+K5W6uPfhI0KnwVhbMZLxcjq/ppPbt8SLnzJinjYl y6WO5w==
287;; Received 862 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 63 ms
288
289escueladesuboficiales.cl. 3600 IN NS pdns13.domaincontrol.com.
290escueladesuboficiales.cl. 3600 IN NS pdns14.domaincontrol.com.
291A2FEC1SM8V6SSLONPF8UOVUO609CSQ57.cl. 900 IN NSEC3 1 1 2 0D8164F2625F6C3B28F87AD62299F6C5 A8OG81CP44TJD461QCLCK1AE27Q3U58C NS SOA TXT RRSIG DNSKEY NSEC3PARAM
292A2FEC1SM8V6SSLONPF8UOVUO609CSQ57.cl. 900 IN RRSIG NSEC3 8 2 900 20200131143818 20191220100023 12363 cl. KmAKygJaiQgmBXRG3QC+l/JapbRzWCjSoZJ/18h9TaFc0TCTlneSYRci sPNj5Ms1pVwGa9sCaFvVDd2GV4FVX3xd5P+MSUpPB3Wk09V6gJF+61ab 7aEn/v96fyfsgUrNsd4doPsRXCyvEConAik9FgznN904uvZgtlnEqIim bPU=
2935DV9FE3N5T9UD62PVACLP758VMISTE5G.cl. 900 IN NSEC3 1 1 2 0D8164F2625F6C3B28F87AD62299F6C5 665V0EL50GJK4SSBAU3KALPCJPDI7E4L NS DS RRSIG
2945DV9FE3N5T9UD62PVACLP758VMISTE5G.cl. 900 IN RRSIG NSEC3 8 2 900 20200202150539 20191220100023 12363 cl. mPTwDewue7W3gGY1+77DoJfcg5MkveBiXH8ZaFrppjkUVV9htGswp2Li YDGRmO43HmZclR6IsX5yEcw/ituqct4qW6Upcr8O2HqIFa+OJRV+ks9r t6idr+PrmRYICTDPuPFkOWy5lUYBGEPk052bQhA+SNmNQFhUaoBKvj4S jEs=
295;; Received 655 bytes from 2001:67c:1010:8::53#53(cl1.dnsnode.net) in 47 ms
296
297escueladesuboficiales.cl. 600 IN A 50.63.202.62
298escueladesuboficiales.cl. 600 IN A 200.29.72.36
299escueladesuboficiales.cl. 3600 IN NS pdns13.domaincontrol.com.
300escueladesuboficiales.cl. 3600 IN NS pdns14.domaincontrol.com.
301escueladesuboficiales.cl. 3600 IN SOA pdns13.domaincontrol.com. dns.jomax.net. 2019101700 28800 7200 604800 600
302escueladesuboficiales.cl. 3600 IN MX 0 barracuda.netglobalis.net.
303escueladesuboficiales.cl. 3600 IN TXT "MS=ms87801505"
304escueladesuboficiales.cl. 3600 IN TXT "v=spf1 a mx ip4:200.29.72.34 ~all"
305escueladesuboficiales.cl. 3600 IN TXT "c3uoadft14gfrous4nr71p7cha"
306;; Received 342 bytes from 173.201.78.56#53(pdns14.domaincontrol.com) in 363 ms
307
308#######################################################################################################################################
309[*] Performing General Enumeration of Domain: escueladesuboficiales.cl
310[-] DNSSEC is not configured for escueladesuboficiales.cl
311[*] SOA pdns13.domaincontrol.com 97.74.110.56
312[*] NS pdns13.domaincontrol.com 97.74.110.56
313[*] NS pdns14.domaincontrol.com 173.201.78.56
314[*] MX barracuda.netglobalis.net 200.2.212.75
315[*] MX barracuda.netglobalis.net 200.29.15.34
316[*] A escueladesuboficiales.cl 50.63.202.62
317[*] A escueladesuboficiales.cl 200.29.72.36
318[*] TXT escueladesuboficiales.cl v=spf1 a mx ip4:200.29.72.34 ~all
319[*] TXT escueladesuboficiales.cl c3uoadft14gfrous4nr71p7cha
320[*] TXT escueladesuboficiales.cl MS=ms87801505
321[*] Enumerating SRV Records
322[-] No SRV Records Found for escueladesuboficiales.cl
323[+] 0 Records Found
324#######################################################################################################################################
325[*] Processing domain escueladesuboficiales.cl
326[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
327[+] Getting nameservers
32897.74.110.56 - pdns13.domaincontrol.com
329173.201.78.56 - pdns14.domaincontrol.com
330[-] Zone transfer failed
331
332[+] TXT records found
333"v=spf1 a mx ip4:200.29.72.34 ~all"
334"c3uoadft14gfrous4nr71p7cha"
335"MS=ms87801505"
336
337[+] MX records found, added to target list
3380 barracuda.netglobalis.net.
339
340[*] Scanning escueladesuboficiales.cl for A records
34150.63.202.62 - escueladesuboficiales.cl
342200.29.72.36 - escueladesuboficiales.cl
343200.2.201.53 - ftp.escueladesuboficiales.cl
344127.0.0.1 - localhost.escueladesuboficiales.cl
345200.29.72.34 - mail.escueladesuboficiales.cl
346200.29.72.34 - pop.escueladesuboficiales.cl
347191.234.162.247 - portal.escueladesuboficiales.cl
348191.234.162.247 - www.escueladesuboficiales.cl
349
350#######################################################################################################################################
351
352 AVAILABLE PLUGINS
353 -----------------
354
355 FallbackScsvPlugin
356 CertificateInfoPlugin
357 OpenSslCipherSuitesPlugin
358 HeartbleedPlugin
359 CompressionPlugin
360 RobotPlugin
361 OpenSslCcsInjectionPlugin
362 HttpHeadersPlugin
363 SessionRenegotiationPlugin
364 SessionResumptionPlugin
365 EarlyDataPlugin
366
367
368
369 CHECKING HOST(S) AVAILABILITY
370 -----------------------------
371
372 191.234.162.247:443 => 191.234.162.247
373
374
375
376
377 SCAN RESULTS FOR 191.234.162.247:443 - 191.234.162.247
378 ------------------------------------------------------
379
380 * TLSV1_3 Cipher Suites:
381 Server rejected all cipher suites.
382
383 * Certificate Information:
384 Content
385 SHA1 Fingerprint: 49e27e3d2838e6e397b8f00c241a68728b183b81
386 Common Name: suboficiales
387 Issuer: suboficiales
388 Serial Number: 4340
389 Not Before: 2018-01-15 01:27:02
390 Not After: 2019-01-15 01:27:02
391 Signature Algorithm: sha256
392 Public Key Algorithm: RSA
393 Key Size: 2048
394 Exponent: 65537 (0x10001)
395 DNS Subject Alternative Names: []
396
397 Trust
398 Hostname Validation: FAILED - Certificate does NOT match 191.234.162.247
399 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
400 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
401 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
402 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
403 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
404 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
405 Received Chain: suboficiales
406 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
407 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
408 Received Chain Order: OK - Order is valid
409 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
410
411 Extensions
412 OCSP Must-Staple: NOT SUPPORTED - Extension not found
413 Certificate Transparency: NOT SUPPORTED - Extension not found
414
415 OCSP Stapling
416 NOT SUPPORTED - Server did not send back an OCSP response
417
418 * Session Renegotiation:
419 Client-initiated Renegotiation: OK - Rejected
420 Secure Renegotiation: OK - Supported
421
422 * Downgrade Attacks:
423 TLS_FALLBACK_SCSV: OK - Supported
424
425 * TLSV1_1 Cipher Suites:
426 Forward Secrecy OK - Supported
427 RC4 INSECURE - Supported
428
429 Preferred:
430 None - Server followed client cipher suite preference.
431 Accepted:
432 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
433 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
434 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
435 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
436 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
437 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
438 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
439 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
440 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
441 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
442 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
443 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
444 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
445 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
446 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
447 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
448
449 * ROBOT Attack:
450 OK - Not vulnerable
451
452 * TLS 1.2 Session Resumption Support:
453 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
454 With TLS Tickets: OK - Supported
455
456 * OpenSSL Heartbleed:
457 OK - Not vulnerable to Heartbleed
458
459 * TLSV1_2 Cipher Suites:
460 Forward Secrecy OK - Supported
461 RC4 INSECURE - Supported
462
463 Preferred:
464 None - Server followed client cipher suite preference.
465 Accepted:
466 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
467 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
468 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
469 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
470 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
471 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
472 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
473 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
474 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
475 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
476 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
477 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
478 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
479 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 403 Forbidden
480 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
481 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
482 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
483 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
484 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
485 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
486 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
487 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
488 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
489 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
490 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
491 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
492 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
493 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
494 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
495
496 * Deflate Compression:
497 OK - Compression disabled
498
499 * OpenSSL CCS Injection:
500 OK - Not vulnerable to OpenSSL CCS injection
501
502 * SSLV2 Cipher Suites:
503 Server rejected all cipher suites.
504
505 * TLSV1 Cipher Suites:
506 Forward Secrecy OK - Supported
507 RC4 INSECURE - Supported
508
509 Preferred:
510 None - Server followed client cipher suite preference.
511 Accepted:
512 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
513 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
514 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
515 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
516 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
517 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
518 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
519 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
520 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
521 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
522 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
523 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
524 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
525 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
526 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
527 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
528
529 * SSLV3 Cipher Suites:
530 Forward Secrecy OK - Supported
531 RC4 INSECURE - Supported
532
533 Preferred:
534 None - Server followed client cipher suite preference.
535 Accepted:
536 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
537 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
538 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
539 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
540 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
541 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
542 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
543 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
544 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
545 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
546 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
547 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
548 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
549 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
550 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
551 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
552
553
554 SCAN COMPLETED IN 52.69 S
555 -------------------------
556#######################################################################################################################################
557Domains still to check: 1
558 Checking if the hostname escueladesuboficiales.cl. given is in fact a domain...
559
560Analyzing domain: escueladesuboficiales.cl.
561 Checking NameServers using system default resolver...
562 IP: 97.74.110.56 (United States)
563 HostName: pdns13.domaincontrol.com Type: NS
564 HostName: pdns13.domaincontrol.com Type: PTR
565 IP: 173.201.78.56 (United States)
566 HostName: pdns14.domaincontrol.com Type: NS
567 HostName: pdns14.domaincontrol.com Type: PTR
568
569 Checking MailServers using system default resolver...
570 IP: 200.2.212.75 (Chile)
571 HostName: barracuda.netglobalis.net Type: MX
572 HostName: barracuda1.netglobalis.net Type: PTR
573 IP: 200.29.15.34 (Chile)
574 HostName: barracuda.netglobalis.net Type: MX
575 HostName: barracuda2.netglobalis.net Type: PTR
576
577 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
578 No zone transfer found on nameserver 173.201.78.56
579 No zone transfer found on nameserver 97.74.110.56
580
581 Checking SPF record...
582 New IP found: 200.29.72.34
583
584 Checking 192 most common hostnames using system default resolver...
585 IP: 191.234.162.247 (Brazil)
586 HostName: www.escueladesuboficiales.cl. Type: A
587 IP: 200.2.201.53 (Chile)
588 HostName: ftp.escueladesuboficiales.cl. Type: A
589 IP: 200.29.72.34 (Chile)
590 Type: SPF
591 HostName: mail.escueladesuboficiales.cl. Type: A
592 HostName: new-front.ejercito.cl Type: PTR
593 IP: 200.29.72.34 (Chile)
594 Type: SPF
595 HostName: mail.escueladesuboficiales.cl. Type: A
596 HostName: new-front.ejercito.cl Type: PTR
597 HostName: pop.escueladesuboficiales.cl. Type: A
598
599 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
600 Checking netblock 173.201.78.0
601 Checking netblock 191.234.162.0
602 Checking netblock 200.2.201.0
603 Checking netblock 97.74.110.0
604 Checking netblock 200.29.72.0
605 Checking netblock 200.29.15.0
606 Checking netblock 200.2.212.0
607
608 Searching for escueladesuboficiales.cl. emails in Google
609
610 Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
611 Host 173.201.78.56 is up (echo-reply ttl 54)
612 Host 191.234.162.247 is up (reset ttl 64)
613 Host 200.2.201.53 is up (reset ttl 64)
614 Host 97.74.110.56 is up (reset ttl 64)
615 Host 200.29.72.34 is up (reset ttl 64)
616 Host 200.29.15.34 is up (reset ttl 64)
617 Host 200.2.212.75 is up (reset ttl 64)
618
619 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
620 Scanning ip 173.201.78.56 (pdns14.domaincontrol.com (PTR)):
621 53/tcp open tcpwrapped syn-ack ttl 47
622 Scanning ip 191.234.162.247 (www.escueladesuboficiales.cl.):
623 21/tcp open ftp syn-ack ttl 43 vsftpd 2.2.2
624 22/tcp open ssh syn-ack ttl 43 OpenSSH 5.3 (protocol 2.0)
625 | ssh-hostkey:
626 | 1024 93:bf:2d:15:e9:3c:8e:64:df:4b:1f:2b:cc:a3:a8:ab (DSA)
627 |_ 2048 85:f2:7b:05:17:1b:40:cb:af:4a:84:f9:4f:a8:74:07 (RSA)
628 80/tcp open http syn-ack ttl 43 Apache httpd
629 | http-methods:
630 |_ Supported Methods: GET HEAD POST OPTIONS
631 |_http-server-header: Apache
632 |_http-title: Did not follow redirect to https://191.234.162.247/
633 |_https-redirect: ERROR: Script execution failed (use -d to debug)
634 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
635 | ssl-cert: Subject: commonName=suboficiales/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
636 | Issuer: commonName=suboficiales/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
637 | Public Key type: rsa
638 | Public Key bits: 2048
639 | Signature Algorithm: sha256WithRSAEncryption
640 | Not valid before: 2018-01-15T01:27:02
641 | Not valid after: 2019-01-15T01:27:02
642 | MD5: 43dc c23f 0541 e947 2e98 f43c a4a8 adda
643 |_SHA-1: 49e2 7e3d 2838 e6e3 97b8 f00c 241a 6872 8b18 3b81
644 |_ssl-date: 2019-12-20T11:32:36+00:00; -2m33s from scanner time.
645 Running (JUST GUESSING): Linux 2.6.X|3.X (91%)
646 OS Info: Service Info: OS: Unix
647 |_clock-skew: -2m33s
648 Scanning ip 200.2.201.53 (ftp.escueladesuboficiales.cl.):
649 Scanning ip 97.74.110.56 (pdns13.domaincontrol.com (PTR)):
650 53/tcp open tcpwrapped syn-ack ttl 49
651 Scanning ip 200.29.72.34 (pop.escueladesuboficiales.cl.):
652 Scanning ip 200.29.15.34 (barracuda2.netglobalis.net (PTR)):
653 443/tcp open ssl/http syn-ack ttl 51 nginx
654 |_http-favicon: Unknown favicon MD5: EEB82041F5921BC49ED723997A5BF35F
655 | http-methods:
656 |_ Supported Methods: GET HEAD
657 | http-robots.txt: 1 disallowed entry
658 |_/
659 |_http-server-header: BarracudaHTTP 4.0
660 |_http-title: Site doesn't have a title (text/html).
661 | ssl-cert: Subject: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
662 | Issuer: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
663 | Public Key type: rsa
664 | Public Key bits: 1024
665 | Signature Algorithm: sha1WithRSAEncryption
666 | Not valid before: 2011-09-29T14:32:57
667 | Not valid after: 2031-09-24T14:32:57
668 | MD5: be5b 6b52 780d 35f1 392f 45d9 6beb 868c
669 |_SHA-1: 51f7 9008 06f0 783f 09d4 5d50 17a8 9322 afeb 3fc3
670 |_ssl-date: TLS randomness does not represent time
671 587/tcp open smtp syn-ack ttl 51
672 | fingerprint-strings:
673 | GenericLines, GetRequest:
674 | 220 MX NGL ESMTP
675 | Syntax error, command unrecognized
676 Scanning ip 200.2.212.75 (barracuda1.netglobalis.net (PTR)):
677 443/tcp open ssl/http syn-ack ttl 49 nginx
678 |_http-favicon: Unknown favicon MD5: EEB82041F5921BC49ED723997A5BF35F
679 | http-methods:
680 |_ Supported Methods: GET HEAD
681 | http-robots.txt: 1 disallowed entry
682 |_/
683 |_http-server-header: BarracudaHTTP 4.0
684 |_http-title: Site doesn't have a title (text/html).
685 | ssl-cert: Subject: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
686 | Issuer: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
687 | Public Key type: rsa
688 | Public Key bits: 1024
689 | Signature Algorithm: sha1WithRSAEncryption
690 | Not valid before: 2011-09-29T14:32:57
691 | Not valid after: 2031-09-24T14:32:57
692 | MD5: be5b 6b52 780d 35f1 392f 45d9 6beb 868c
693 |_SHA-1: 51f7 9008 06f0 783f 09d4 5d50 17a8 9322 afeb 3fc3
694 |_ssl-date: TLS randomness does not represent time
695 587/tcp open smtp syn-ack ttl 50
696 | fingerprint-strings:
697 | GenericLines, GetRequest:
698 | 220 barracuda.netglobalis.net ESMTP
699 | Syntax error, command unrecognized
700 WebCrawling domain's web servers... up to 50 max links.
701
702 + URL to crawl: http://www.escueladesuboficiales.cl.
703 + Date: 2019-12-20
704
705 + Crawling URL: http://www.escueladesuboficiales.cl.:
706 + Links:
707 + Crawling http://www.escueladesuboficiales.cl. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
708 + Searching for directories...
709 + Searching open folders...
710
711
712 + URL to crawl: https://www.escueladesuboficiales.cl.
713 + Date: 2019-12-20
714
715 + Crawling URL: https://www.escueladesuboficiales.cl.:
716 + Links:
717 + Crawling https://www.escueladesuboficiales.cl. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
718 + Searching for directories...
719 + Searching open folders...
720
721
722 + URL to crawl: https://barracuda.netglobalis.net
723 + Date: 2019-12-20
724
725 + Crawling URL: https://barracuda.netglobalis.net:
726 + Links:
727 + Crawling https://barracuda.netglobalis.net ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
728 + Searching for directories...
729 + Searching open folders...
730
731
732 + URL to crawl: https://barracuda.netglobalis.net
733 + Date: 2019-12-20
734
735 + Crawling URL: https://barracuda.netglobalis.net:
736 + Links:
737 + Crawling https://barracuda.netglobalis.net ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
738 + Searching for directories...
739 + Searching open folders...
740
741--Finished--
742Summary information for domain escueladesuboficiales.cl.
743-----------------------------------------
744
745 Domain Ips Information:
746 IP: 173.201.78.56
747 HostName: pdns14.domaincontrol.com Type: NS
748 HostName: pdns14.domaincontrol.com Type: PTR
749 Country: United States
750 Is Active: True (echo-reply ttl 54)
751 Port: 53/tcp open tcpwrapped syn-ack ttl 47
752 IP: 191.234.162.247
753 HostName: www.escueladesuboficiales.cl. Type: A
754 Country: Brazil
755 Is Active: True (reset ttl 64)
756 Port: 21/tcp open ftp syn-ack ttl 43 vsftpd 2.2.2
757 Port: 22/tcp open ssh syn-ack ttl 43 OpenSSH 5.3 (protocol 2.0)
758 Script Info: | ssh-hostkey:
759 Script Info: | 1024 93:bf:2d:15:e9:3c:8e:64:df:4b:1f:2b:cc:a3:a8:ab (DSA)
760 Script Info: |_ 2048 85:f2:7b:05:17:1b:40:cb:af:4a:84:f9:4f:a8:74:07 (RSA)
761 Port: 80/tcp open http syn-ack ttl 43 Apache httpd
762 Script Info: | http-methods:
763 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
764 Script Info: |_http-server-header: Apache
765 Script Info: |_http-title: Did not follow redirect to https://191.234.162.247/
766 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
767 Port: 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
768 Script Info: | ssl-cert: Subject: commonName=suboficiales/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
769 Script Info: | Issuer: commonName=suboficiales/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
770 Script Info: | Public Key type: rsa
771 Script Info: | Public Key bits: 2048
772 Script Info: | Signature Algorithm: sha256WithRSAEncryption
773 Script Info: | Not valid before: 2018-01-15T01:27:02
774 Script Info: | Not valid after: 2019-01-15T01:27:02
775 Script Info: | MD5: 43dc c23f 0541 e947 2e98 f43c a4a8 adda
776 Script Info: |_SHA-1: 49e2 7e3d 2838 e6e3 97b8 f00c 241a 6872 8b18 3b81
777 Script Info: |_ssl-date: 2019-12-20T11:32:36+00:00; -2m33s from scanner time.
778 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (91%)
779 Os Info: OS: Unix
780 Script Info: |_clock-skew: -2m33s
781 IP: 200.2.201.53
782 HostName: ftp.escueladesuboficiales.cl. Type: A
783 Country: Chile
784 Is Active: True (reset ttl 64)
785 IP: 97.74.110.56
786 HostName: pdns13.domaincontrol.com Type: NS
787 HostName: pdns13.domaincontrol.com Type: PTR
788 Country: United States
789 Is Active: True (reset ttl 64)
790 Port: 53/tcp open tcpwrapped syn-ack ttl 49
791 IP: 200.29.72.34
792 Type: SPF
793 HostName: mail.escueladesuboficiales.cl. Type: A
794 HostName: new-front.ejercito.cl Type: PTR
795 HostName: pop.escueladesuboficiales.cl. Type: A
796 Country: Chile
797 Is Active: True (reset ttl 64)
798 IP: 200.29.15.34
799 HostName: barracuda.netglobalis.net Type: MX
800 HostName: barracuda2.netglobalis.net Type: PTR
801 Country: Chile
802 Is Active: True (reset ttl 64)
803 Port: 443/tcp open ssl/http syn-ack ttl 51 nginx
804 Script Info: |_http-favicon: Unknown favicon MD5: EEB82041F5921BC49ED723997A5BF35F
805 Script Info: | http-methods:
806 Script Info: |_ Supported Methods: GET HEAD
807 Script Info: | http-robots.txt: 1 disallowed entry
808 Script Info: |_/
809 Script Info: |_http-server-header: BarracudaHTTP 4.0
810 Script Info: |_http-title: Site doesn't have a title (text/html).
811 Script Info: | ssl-cert: Subject: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
812 Script Info: | Issuer: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
813 Script Info: | Public Key type: rsa
814 Script Info: | Public Key bits: 1024
815 Script Info: | Signature Algorithm: sha1WithRSAEncryption
816 Script Info: | Not valid before: 2011-09-29T14:32:57
817 Script Info: | Not valid after: 2031-09-24T14:32:57
818 Script Info: | MD5: be5b 6b52 780d 35f1 392f 45d9 6beb 868c
819 Script Info: |_SHA-1: 51f7 9008 06f0 783f 09d4 5d50 17a8 9322 afeb 3fc3
820 Script Info: |_ssl-date: TLS randomness does not represent time
821 Port: 587/tcp open smtp syn-ack ttl 51
822 Script Info: | fingerprint-strings:
823 Script Info: | GenericLines, GetRequest:
824 Script Info: | 220 MX NGL ESMTP
825 Script Info: | Syntax error, command unrecognized
826 IP: 200.2.212.75
827 HostName: barracuda.netglobalis.net Type: MX
828 HostName: barracuda1.netglobalis.net Type: PTR
829 Country: Chile
830 Is Active: True (reset ttl 64)
831 Port: 443/tcp open ssl/http syn-ack ttl 49 nginx
832 Script Info: |_http-favicon: Unknown favicon MD5: EEB82041F5921BC49ED723997A5BF35F
833 Script Info: | http-methods:
834 Script Info: |_ Supported Methods: GET HEAD
835 Script Info: | http-robots.txt: 1 disallowed entry
836 Script Info: |_/
837 Script Info: |_http-server-header: BarracudaHTTP 4.0
838 Script Info: |_http-title: Site doesn't have a title (text/html).
839 Script Info: | ssl-cert: Subject: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
840 Script Info: | Issuer: commonName=Barracuda/emailAddress=sales@barracuda.com/organizationName=Barracuda Networks/stateOrProvinceName=California/countryName=US
841 Script Info: | Public Key type: rsa
842 Script Info: | Public Key bits: 1024
843 Script Info: | Signature Algorithm: sha1WithRSAEncryption
844 Script Info: | Not valid before: 2011-09-29T14:32:57
845 Script Info: | Not valid after: 2031-09-24T14:32:57
846 Script Info: | MD5: be5b 6b52 780d 35f1 392f 45d9 6beb 868c
847 Script Info: |_SHA-1: 51f7 9008 06f0 783f 09d4 5d50 17a8 9322 afeb 3fc3
848 Script Info: |_ssl-date: TLS randomness does not represent time
849 Port: 587/tcp open smtp syn-ack ttl 50
850 Script Info: | fingerprint-strings:
851 Script Info: | GenericLines, GetRequest:
852 Script Info: | 220 barracuda.netglobalis.net ESMTP
853 Script Info: | Syntax error, command unrecognized
854
855--------------End Summary --------------
856-----------------------------------------
857#######################################################################################################################################
858----- escueladesuboficiales.cl -----
859
860
861Host's addresses:
862__________________
863
864escueladesuboficiales.cl. 600 IN A 200.29.72.36
865escueladesuboficiales.cl. 600 IN A 184.168.221.40
866
867
868Name Servers:
869______________
870
871pdns14.domaincontrol.com. 85364 IN A 173.201.78.56
872pdns13.domaincontrol.com. 85357 IN A 97.74.110.56
873
874
875Mail (MX) Servers:
876___________________
877
878barracuda.netglobalis.net. 52191 IN A 200.2.212.75
879barracuda.netglobalis.net. 52191 IN A 200.29.15.34
880
881
882
883Google Results:
884________________
885
886 perhaps Google is blocking our queries.
887 Check manually.
888
889
890Brute forcing with /usr/share/dnsenum/dns.txt:
891_______________________________________________
892
893ftp.escueladesuboficiales.cl. 2305 IN A 200.2.201.53
894mail.escueladesuboficiales.cl. 2280 IN A 200.29.72.34
895pop.escueladesuboficiales.cl. 2521 IN A 200.29.72.34
896portal.escueladesuboficiales.cl. 2520 IN CNAME suboficiales.cloudapp.net.
897suboficiales.cloudapp.net. 10 IN A 191.234.162.247
898www.escueladesuboficiales.cl. 1937 IN CNAME suboficiales.cloudapp.net.
899suboficiales.cloudapp.net. 10 IN A 191.234.162.247
900
901
902Launching Whois Queries:
903_________________________
904
905 whois ip result: 184.168.221.0 -> 184.168.0.0/16
906 whois ip result: 200.2.201.0 -> 200.2.192.0/19
907 whois ip result: 200.29.72.0 -> 200.29.64.0/19
908
909
910escueladesuboficiales.cl________________________
911
912 200.29.64.0/19
913 200.2.192.0/19
914 184.168.0.0/16
915#######################################################################################################################################
916URLCrazy Domain Report
917Domain : www.escueladesuboficiales.cl
918Keyboard : qwerty
919At : 2019-12-20 06:19:08 -0500
920
921# Please wait. 335 hostnames to process
922
923Typo Type Typo DNS-A CC-A DNS-MX Extn
924---------------------------------------------------------------------------------------------------------------------------------
925Character Omission ww.escueladesuboficiales.cl ? cl
926Character Omission www.ecueladesuboficiales.cl ? cl
927Character Omission www.esceladesuboficiales.cl ? cl
928Character Omission www.escueadesuboficiales.cl ? cl
929Character Omission www.escueladesboficiales.cl ? cl
930Character Omission www.escueladesubficiales.cl ? cl
931Character Omission www.escueladesubofciales.cl ? cl
932Character Omission www.escueladesuboficales.cl ? cl
933Character Omission www.escueladesuboficiaes.cl ? cl
934Character Omission www.escueladesuboficiale.cl ? cl
935Character Omission www.escueladesuboficials.cl ? cl
936Character Omission www.escueladesuboficiles.cl ? cl
937Character Omission www.escueladesubofiiales.cl ? cl
938Character Omission www.escueladesuboiciales.cl ? cl
939Character Omission www.escueladesuoficiales.cl ? cl
940Character Omission www.escueladeuboficiales.cl ? cl
941Character Omission www.escueladsuboficiales.cl ? cl
942Character Omission www.escuelaesuboficiales.cl ? cl
943Character Omission www.escueldesuboficiales.cl ? cl
944Character Omission www.esculadesuboficiales.cl ? cl
945Character Omission www.esueladesuboficiales.cl ? cl
946Character Omission www.scueladesuboficiales.cl ? cl
947Character Omission wwwescueladesuboficiales.cl ? cl
948Character Repeat www.eescueladesuboficiales.cl ? cl
949Character Repeat www.esccueladesuboficiales.cl ? cl
950Character Repeat www.escueeladesuboficiales.cl ? cl
951Character Repeat www.escuelaadesuboficiales.cl ? cl
952Character Repeat www.escueladdesuboficiales.cl ? cl
953Character Repeat www.escueladeesuboficiales.cl ? cl
954Character Repeat www.escueladessuboficiales.cl ? cl
955Character Repeat www.escueladesubboficiales.cl ? cl
956Character Repeat www.escueladesubofficiales.cl ? cl
957Character Repeat www.escueladesuboficciales.cl ? cl
958Character Repeat www.escueladesuboficiaales.cl ? cl
959Character Repeat www.escueladesuboficialees.cl ? cl
960Character Repeat www.escueladesuboficialess.cl ? cl
961Character Repeat www.escueladesuboficialles.cl ? cl
962Character Repeat www.escueladesuboficiiales.cl ? cl
963Character Repeat www.escueladesubofiiciales.cl ? cl
964Character Repeat www.escueladesubooficiales.cl ? cl
965Character Repeat www.escueladesuuboficiales.cl ? cl
966Character Repeat www.escuelladesuboficiales.cl ? cl
967Character Repeat www.escuueladesuboficiales.cl ? cl
968Character Repeat www.esscueladesuboficiales.cl ? cl
969Character Repeat wwww.escueladesuboficiales.cl ? cl
970Character Swap ww.wescueladesuboficiales.cl ? cl
971Character Swap www.ecsueladesuboficiales.cl ? cl
972Character Swap www.esceuladesuboficiales.cl ? cl
973Character Swap www.escuealdesuboficiales.cl ? cl
974Character Swap www.escueladesbuoficiales.cl ? cl
975Character Swap www.escueladesubfoiciales.cl ? cl
976Character Swap www.escueladesubofciiales.cl ? cl
977Character Swap www.escueladesuboficailes.cl ? cl
978Character Swap www.escueladesuboficiaels.cl ? cl
979Character Swap www.escueladesuboficiales.lc ? lc
980Character Swap www.escueladesuboficialse.cl ? cl
981Character Swap www.escueladesuboficilaes.cl ? cl
982Character Swap www.escueladesubofiicales.cl ? cl
983Character Swap www.escueladesuboifciales.cl ? cl
984Character Swap www.escueladesuobficiales.cl ? cl
985Character Swap www.escueladeusboficiales.cl ? cl
986Character Swap www.escueladseuboficiales.cl ? cl
987Character Swap www.escuelaedsuboficiales.cl ? cl
988Character Swap www.escueldaesuboficiales.cl ? cl
989Character Swap www.esculeadesuboficiales.cl ? cl
990Character Swap www.esuceladesuboficiales.cl ? cl
991Character Swap www.secueladesuboficiales.cl ? cl
992Character Swap wwwe.scueladesuboficiales.cl ? cl
993Character Replacement eww.escueladesuboficiales.cl ? cl
994Character Replacement qww.escueladesuboficiales.cl ? cl
995Character Replacement wew.escueladesuboficiales.cl ? cl
996Character Replacement wqw.escueladesuboficiales.cl ? cl
997Character Replacement wwe.escueladesuboficiales.cl ? cl
998Character Replacement wwq.escueladesuboficiales.cl ? cl
999Character Replacement www.eacueladesuboficiales.cl ? cl
1000Character Replacement www.edcueladesuboficiales.cl ? cl
1001Character Replacement www.escieladesuboficiales.cl ? cl
1002Character Replacement www.escuekadesuboficiales.cl ? cl
1003Character Replacement www.escueladeauboficiales.cl ? cl
1004Character Replacement www.escueladeduboficiales.cl ? cl
1005Character Replacement www.escueladesiboficiales.cl ? cl
1006Character Replacement www.escueladesubificiales.cl ? cl
1007Character Replacement www.escueladesubodiciales.cl ? cl
1008Character Replacement www.escueladesuboficiakes.cl ? cl
1009Character Replacement www.escueladesuboficialea.cl ? cl
1010Character Replacement www.escueladesuboficialed.cl ? cl
1011Character Replacement www.escueladesuboficialrs.cl ? cl
1012Character Replacement www.escueladesuboficialws.cl ? cl
1013Character Replacement www.escueladesuboficisles.cl ? cl
1014Character Replacement www.escueladesuboficoales.cl ? cl
1015Character Replacement www.escueladesuboficuales.cl ? cl
1016Character Replacement www.escueladesubofiviales.cl ? cl
1017Character Replacement www.escueladesubofixiales.cl ? cl
1018Character Replacement www.escueladesubofociales.cl ? cl
1019Character Replacement www.escueladesubofuciales.cl ? cl
1020Character Replacement www.escueladesubogiciales.cl ? cl
1021Character Replacement www.escueladesubpficiales.cl ? cl
1022Character Replacement www.escueladesunoficiales.cl ? cl
1023Character Replacement www.escueladesuvoficiales.cl ? cl
1024Character Replacement www.escueladesyboficiales.cl ? cl
1025Character Replacement www.escueladrsuboficiales.cl ? cl
1026Character Replacement www.escueladwsuboficiales.cl ? cl
1027Character Replacement www.escuelafesuboficiales.cl ? cl
1028Character Replacement www.escuelasesuboficiales.cl ? cl
1029Character Replacement www.escuelsdesuboficiales.cl ? cl
1030Character Replacement www.escurladesuboficiales.cl ? cl
1031Character Replacement www.escuwladesuboficiales.cl ? cl
1032Character Replacement www.escyeladesuboficiales.cl ? cl
1033Character Replacement www.esvueladesuboficiales.cl ? cl
1034Character Replacement www.esxueladesuboficiales.cl ? cl
1035Character Replacement www.rscueladesuboficiales.cl ? cl
1036Character Replacement www.wscueladesuboficiales.cl ? cl
1037Double Character Replacement eew.escueladesuboficiales.cl ? cl
1038Double Character Replacement qqw.escueladesuboficiales.cl ? cl
1039Double Character Replacement wee.escueladesuboficiales.cl ? cl
1040Double Character Replacement wqq.escueladesuboficiales.cl ? cl
1041Character Insertion weww.escueladesuboficiales.cl ? cl
1042Character Insertion wqww.escueladesuboficiales.cl ? cl
1043Character Insertion wwew.escueladesuboficiales.cl ? cl
1044Character Insertion wwqw.escueladesuboficiales.cl ? cl
1045Character Insertion www.erscueladesuboficiales.cl ? cl
1046Character Insertion www.esacueladesuboficiales.cl ? cl
1047Character Insertion www.escueladersuboficiales.cl ? cl
1048Character Insertion www.escueladesauboficiales.cl ? cl
1049Character Insertion www.escueladesduboficiales.cl ? cl
1050Character Insertion www.escueladesubnoficiales.cl ? cl
1051Character Insertion www.escueladesubofdiciales.cl ? cl
1052Character Insertion www.escueladesubofgiciales.cl ? cl
1053Character Insertion www.escueladesuboficialers.cl ? cl
1054Character Insertion www.escueladesuboficialesa.cl ? cl
1055Character Insertion www.escueladesuboficialesd.cl ? cl
1056Character Insertion www.escueladesuboficialews.cl ? cl
1057Character Insertion www.escueladesuboficialkes.cl ? cl
1058Character Insertion www.escueladesuboficiasles.cl ? cl
1059Character Insertion www.escueladesuboficioales.cl ? cl
1060Character Insertion www.escueladesuboficiuales.cl ? cl
1061Character Insertion www.escueladesuboficviales.cl ? cl
1062Character Insertion www.escueladesuboficxiales.cl ? cl
1063Character Insertion www.escueladesubofiociales.cl ? cl
1064Character Insertion www.escueladesubofiuciales.cl ? cl
1065Character Insertion www.escueladesuboificiales.cl ? cl
1066Character Insertion www.escueladesubopficiales.cl ? cl
1067Character Insertion www.escueladesubvoficiales.cl ? cl
1068Character Insertion www.escueladesuiboficiales.cl ? cl
1069Character Insertion www.escueladesuyboficiales.cl ? cl
1070Character Insertion www.escueladewsuboficiales.cl ? cl
1071Character Insertion www.escueladfesuboficiales.cl ? cl
1072Character Insertion www.escueladsesuboficiales.cl ? cl
1073Character Insertion www.escuelasdesuboficiales.cl ? cl
1074Character Insertion www.escuelkadesuboficiales.cl ? cl
1075Character Insertion www.escuerladesuboficiales.cl ? cl
1076Character Insertion www.escuewladesuboficiales.cl ? cl
1077Character Insertion www.escuieladesuboficiales.cl ? cl
1078Character Insertion www.escuyeladesuboficiales.cl ? cl
1079Character Insertion www.escvueladesuboficiales.cl ? cl
1080Character Insertion www.escxueladesuboficiales.cl ? cl
1081Character Insertion www.esdcueladesuboficiales.cl ? cl
1082Character Insertion www.ewscueladesuboficiales.cl ? cl
1083Character Insertion wwwe.escueladesuboficiales.cl ? cl
1084Character Insertion wwwq.escueladesuboficiales.cl ? cl
1085Missing Dot wwwwww.escueladesuboficiales.cl ? cl
1086Singular or Pluralise escueladesuboficiale.cl ? cl
1087Singular or Pluralise escueladesuboficiales.cl 50.63.202.62 US,UNITED STATES barracuda.netglobalis.net cl
1088Vowel Swap www.ascualadasuboficialas.cl ? cl
1089Vowel Swap www.escaeladesaboficiales.cl ? cl
1090Vowel Swap www.esceeladeseboficiales.cl ? cl
1091Vowel Swap www.escieladesiboficiales.cl ? cl
1092Vowel Swap www.escoeladesoboficiales.cl ? cl
1093Vowel Swap www.escueladesubaficiales.cl ? cl
1094Vowel Swap www.escueladesubeficiales.cl ? cl
1095Vowel Swap www.escueladesubofacaales.cl ? cl
1096Vowel Swap www.escueladesubofeceales.cl ? cl
1097Vowel Swap www.escueladesubofocoales.cl ? cl
1098Vowel Swap www.escueladesubofucuales.cl ? cl
1099Vowel Swap www.escueladesubuficiales.cl ? cl
1100Vowel Swap www.escueledesuboficieles.cl ? cl
1101Vowel Swap www.escuelidesuboficiiles.cl ? cl
1102Vowel Swap www.escuelodesuboficioles.cl ? cl
1103Vowel Swap www.escueludesuboficiules.cl ? cl
1104Vowel Swap www.iscuiladisuboficialis.cl ? cl
1105Vowel Swap www.oscuoladosuboficialos.cl ? cl
1106Vowel Swap www.uscuuladusuboficialus.cl ? cl
1107Homophones www.escueladesubofayecayeales.cl ? cl
1108Homophones www.escueladesubofeyeceyeales.cl ? cl
1109Homophones www.escueladesuboficiails.cl ? cl
1110Homophones www.escuelaidsuboficiales.cl ? cl
1111Homophones www.esqueueladesuboficiales.cl ? cl
1112Bit Flipping 7ww.escueladesuboficiales.cl ? cl
1113Bit Flipping gww.escueladesuboficiales.cl ? cl
1114Bit Flipping sww.escueladesuboficiales.cl ? cl
1115Bit Flipping uww.escueladesuboficiales.cl ? cl
1116Bit Flipping vww.escueladesuboficiales.cl ? cl
1117Bit Flipping w7w.escueladesuboficiales.cl ? cl
1118Bit Flipping wgw.escueladesuboficiales.cl ? cl
1119Bit Flipping wsw.escueladesuboficiales.cl ? cl
1120Bit Flipping wuw.escueladesuboficiales.cl ? cl
1121Bit Flipping wvw.escueladesuboficiales.cl ? cl
1122Bit Flipping ww7.escueladesuboficiales.cl ? cl
1123Bit Flipping wwg.escueladesuboficiales.cl ? cl
1124Bit Flipping wws.escueladesuboficiales.cl ? cl
1125Bit Flipping wwu.escueladesuboficiales.cl ? cl
1126Bit Flipping wwv.escueladesuboficiales.cl ? cl
1127Bit Flipping www.ascueladesuboficiales.cl ? cl
1128Bit Flipping www.dscueladesuboficiales.cl ? cl
1129Bit Flipping www.e3cueladesuboficiales.cl ? cl
1130Bit Flipping www.eccueladesuboficiales.cl ? cl
1131Bit Flipping www.eqcueladesuboficiales.cl ? cl
1132Bit Flipping www.ercueladesuboficiales.cl ? cl
1133Bit Flipping www.esaueladesuboficiales.cl ? cl
1134Bit Flipping www.esbueladesuboficiales.cl ? cl
1135Bit Flipping www.esc5eladesuboficiales.cl ? cl
1136Bit Flipping www.esceeladesuboficiales.cl ? cl
1137Bit Flipping www.escqeladesuboficiales.cl ? cl
1138Bit Flipping www.escteladesuboficiales.cl ? cl
1139Bit Flipping www.escualadesuboficiales.cl ? cl
1140Bit Flipping www.escudladesuboficiales.cl ? cl
1141Bit Flipping www.escuedadesuboficiales.cl ? cl
1142Bit Flipping www.escuehadesuboficiales.cl ? cl
1143Bit Flipping www.escueladasuboficiales.cl ? cl
1144Bit Flipping www.escueladdsuboficiales.cl ? cl
1145Bit Flipping www.escuelade3uboficiales.cl ? cl
1146Bit Flipping www.escueladecuboficiales.cl ? cl
1147Bit Flipping www.escueladequboficiales.cl ? cl
1148Bit Flipping www.escueladeruboficiales.cl ? cl
1149Bit Flipping www.escuelades5boficiales.cl ? cl
1150Bit Flipping www.escueladeseboficiales.cl ? cl
1151Bit Flipping www.escueladesqboficiales.cl ? cl
1152Bit Flipping www.escueladestboficiales.cl ? cl
1153Bit Flipping www.escueladesubgficiales.cl ? cl
1154Bit Flipping www.escueladesubkficiales.cl ? cl
1155Bit Flipping www.escueladesubmficiales.cl ? cl
1156Bit Flipping www.escueladesubnficiales.cl ? cl
1157Bit Flipping www.escueladesubobiciales.cl ? cl
1158Bit Flipping www.escueladesubofaciales.cl ? cl
1159Bit Flipping www.escueladesubofhciales.cl ? cl
1160Bit Flipping www.escueladesubofiaiales.cl ? cl
1161Bit Flipping www.escueladesubofibiales.cl ? cl
1162Bit Flipping www.escueladesuboficaales.cl ? cl
1163Bit Flipping www.escueladesubofichales.cl ? cl
1164Bit Flipping www.escueladesuboficiades.cl ? cl
1165Bit Flipping www.escueladesuboficiahes.cl ? cl
1166Bit Flipping www.escueladesuboficialas.cl ? cl
1167Bit Flipping www.escueladesuboficialds.cl ? cl
1168Bit Flipping www.escueladesuboficiale3.cl ? cl
1169Bit Flipping www.escueladesuboficialec.cl ? cl
1170Bit Flipping www.escueladesuboficialeq.cl ? cl
1171Bit Flipping www.escueladesuboficialer.cl ? cl
1172Bit Flipping www.escueladesuboficiales.cd ? cd
1173Bit Flipping www.escueladesuboficiales.ch ? ch
1174Bit Flipping www.escueladesuboficiales.cm ? cm
1175Bit Flipping www.escueladesuboficiales.cn ? cn
1176Bit Flipping www.escueladesuboficiales.gl ? gl
1177Bit Flipping www.escueladesuboficiales.sl ? sl
1178Bit Flipping www.escueladesuboficialew.cl ? cl
1179Bit Flipping www.escueladesuboficialgs.cl ? cl
1180Bit Flipping www.escueladesuboficialms.cl ? cl
1181Bit Flipping www.escueladesuboficialus.cl ? cl
1182Bit Flipping www.escueladesuboficiames.cl ? cl
1183Bit Flipping www.escueladesuboficianes.cl ? cl
1184Bit Flipping www.escueladesuboficicles.cl ? cl
1185Bit Flipping www.escueladesuboficieles.cl ? cl
1186Bit Flipping www.escueladesuboficiiles.cl ? cl
1187Bit Flipping www.escueladesuboficiqles.cl ? cl
1188Bit Flipping www.escueladesubofickales.cl ? cl
1189Bit Flipping www.escueladesuboficmales.cl ? cl
1190Bit Flipping www.escueladesuboficyales.cl ? cl
1191Bit Flipping www.escueladesubofigiales.cl ? cl
1192Bit Flipping www.escueladesubofikiales.cl ? cl
1193Bit Flipping www.escueladesubofisiales.cl ? cl
1194Bit Flipping www.escueladesubofkciales.cl ? cl
1195Bit Flipping www.escueladesubofmciales.cl ? cl
1196Bit Flipping www.escueladesubofyciales.cl ? cl
1197Bit Flipping www.escueladesuboniciales.cl ? cl
1198Bit Flipping www.escueladesuboviciales.cl ? cl
1199Bit Flipping www.escueladesucoficiales.cl ? cl
1200Bit Flipping www.escueladesufoficiales.cl ? cl
1201Bit Flipping www.escueladesujoficiales.cl ? cl
1202Bit Flipping www.escueladesuroficiales.cl ? cl
1203Bit Flipping www.escueladeswboficiales.cl ? cl
1204Bit Flipping www.escueladewuboficiales.cl ? cl
1205Bit Flipping www.escueladgsuboficiales.cl ? cl
1206Bit Flipping www.escueladmsuboficiales.cl ? cl
1207Bit Flipping www.escueladusuboficiales.cl ? cl
1208Bit Flipping www.escuelaeesuboficiales.cl ? cl
1209Bit Flipping www.escuelalesuboficiales.cl ? cl
1210Bit Flipping www.escuelatesuboficiales.cl ? cl
1211Bit Flipping www.escuelcdesuboficiales.cl ? cl
1212Bit Flipping www.escueledesuboficiales.cl ? cl
1213Bit Flipping www.escuelidesuboficiales.cl ? cl
1214Bit Flipping www.escuelqdesuboficiales.cl ? cl
1215Bit Flipping www.escuemadesuboficiales.cl ? cl
1216Bit Flipping www.escuenadesuboficiales.cl ? cl
1217Bit Flipping www.escugladesuboficiales.cl ? cl
1218Bit Flipping www.escumladesuboficiales.cl ? cl
1219Bit Flipping www.escuuladesuboficiales.cl ? cl
1220Bit Flipping www.escweladesuboficiales.cl ? cl
1221Bit Flipping www.esgueladesuboficiales.cl ? cl
1222Bit Flipping www.eskueladesuboficiales.cl ? cl
1223Bit Flipping www.essueladesuboficiales.cl ? cl
1224Bit Flipping www.ewcueladesuboficiales.cl ? cl
1225Bit Flipping www.gscueladesuboficiales.cl ? cl
1226Bit Flipping www.mscueladesuboficiales.cl ? cl
1227Bit Flipping www.uscueladesuboficiales.cl ? cl
1228Bit Flipping wwwnescueladesuboficiales.cl ? cl
1229Homoglyphs vvvvvv.escueladesuboficiales.cl ? cl
1230Homoglyphs vvvvw.escueladesuboficiales.cl ? cl
1231Homoglyphs vvwvv.escueladesuboficiales.cl ? cl
1232Homoglyphs vvww.escueladesuboficiales.cl ? cl
1233Homoglyphs wvvvv.escueladesuboficiales.cl ? cl
1234Homoglyphs wvvw.escueladesuboficiales.cl ? cl
1235Homoglyphs wwvv.escueladesuboficiales.cl ? cl
1236Homoglyphs www.escue1adesuboficia1es.cl ? cl
1237Homoglyphs www.escue1adesuboficiales.cl ? cl
1238Homoglyphs www.escuelaclesuboficiales.cl ? cl
1239Homoglyphs www.escueladesub0ficiales.cl ? cl
1240Homoglyphs www.escueladesuboficia1es.cl ? cl
1241Homoglyphs www.escueladesuboficlales.cl ? cl
1242Homoglyphs www.escueladesuboflciales.cl ? cl
1243Homoglyphs www.escueladesuboflclales.cl ? cl
1244Wrong TLD escueladesuboficiales.ca ? ca
1245Wrong TLD escueladesuboficiales.ch ? ch
1246Wrong TLD escueladesuboficiales.com ? com
1247Wrong TLD escueladesuboficiales.de ? de
1248Wrong TLD escueladesuboficiales.edu ? edu
1249Wrong TLD escueladesuboficiales.es ? es
1250Wrong TLD escueladesuboficiales.fr ? fr
1251Wrong TLD escueladesuboficiales.it ? it
1252Wrong TLD escueladesuboficiales.jp ? jp
1253Wrong TLD escueladesuboficiales.net ? net
1254Wrong TLD escueladesuboficiales.nl ? nl
1255Wrong TLD escueladesuboficiales.no ? no
1256Wrong TLD escueladesuboficiales.org ? org
1257Wrong TLD escueladesuboficiales.ru ? ru
1258Wrong TLD escueladesuboficiales.se ? se
1259Wrong TLD escueladesuboficiales.us ? us
1260#######################################################################################################################################
1261[*] Processing domain www.escueladesuboficiales.cl
1262[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1263[+] Getting nameservers
1264[-] Getting nameservers failed
1265[-] Zone transfer failed
1266
1267[*] Scanning www.escueladesuboficiales.cl for A records
1268191.234.162.247 - www.escueladesuboficiales.cl
1269#######################################################################################################################################
1270Privileges have been dropped to "nobody:nogroup" for security reasons.
1271
1272Processed queries: 0
1273Received packets: 0
1274Progress: 0.00% (00 h 00 min 00 sec / 00 h 00 min 00 sec)
1275Current incoming rate: 0 pps, average: 0 pps
1276Current success rate: 0 pps, average: 0 pps
1277Finished total: 0, success: 0 (0.00%)
1278Mismatched domains: 0 (0.00%), IDs: 0 (0.00%)
1279Failures: 0: 0.00%, 1: 0.00%, 2: 0.00%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1280Response: | Success: | Total:
1281OK: | 0 ( 0.00%) | 0 ( 0.00%)
1282NXDOMAIN: | 0 ( 0.00%) | 0 ( 0.00%)
1283SERVFAIL: | 0 ( 0.00%) | 0 ( 0.00%)
1284REFUSED: | 0 ( 0.00%) | 0 ( 0.00%)
1285FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1286
1287
1288
1289Processed queries: 1919
1290Received packets: 861
1291Progress: 100.00% (00 h 00 min 01 sec / 00 h 00 min 01 sec)
1292Current incoming rate: 860 pps, average: 860 pps
1293Current success rate: 594 pps, average: 594 pps
1294Finished total: 595, success: 595 (100.00%)
1295Mismatched domains: 1 (0.12%), IDs: 0 (0.00%)
1296Failures: 0: 16.13%, 1: 262.52%, 2: 43.87%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1297Response: | Success: | Total:
1298OK: | 64 ( 10.76%) | 64 ( 7.47%)
1299NXDOMAIN: | 519 ( 87.23%) | 519 ( 60.56%)
1300SERVFAIL: | 12 ( 2.02%) | 12 ( 1.40%)
1301REFUSED: | 0 ( 0.00%) | 262 ( 30.57%)
1302FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1303
1304
1305
1306Processed queries: 1919
1307Received packets: 2884
1308Progress: 100.00% (00 h 00 min 02 sec / 00 h 00 min 02 sec)
1309Current incoming rate: 2018 pps, average: 1439 pps
1310Current success rate: 920 pps, average: 757 pps
1311Finished total: 1517, success: 1517 (100.00%)
1312Mismatched domains: 774 (27.00%), IDs: 0 (0.00%)
1313Failures: 0: 6.33%, 1: 33.36%, 2: 29.27%, 3: 38.23%, 4: 17.07%, 5: 1.98%, 6: 0.20%, 7: 0.07%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1314Response: | Success: | Total:
1315OK: | 152 ( 10.02%) | 205 ( 7.15%)
1316NXDOMAIN: | 1331 ( 87.74%) | 1826 ( 63.69%)
1317SERVFAIL: | 34 ( 2.24%) | 48 ( 1.67%)
1318REFUSED: | 0 ( 0.00%) | 788 ( 27.49%)
1319FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1320
1321
1322
1323Processed queries: 1919
1324Received packets: 4127
1325Progress: 100.00% (00 h 00 min 03 sec / 00 h 00 min 03 sec)
1326Current incoming rate: 1240 pps, average: 1373 pps
1327Current success rate: 357 pps, average: 623 pps
1328Finished total: 1875, success: 1875 (100.00%)
1329Mismatched domains: 1538 (37.49%), IDs: 0 (0.00%)
1330Failures: 0: 5.12%, 1: 26.99%, 2: 23.68%, 3: 19.95%, 4: 15.57%, 5: 7.25%, 6: 2.93%, 7: 0.69%, 8: 0.11%, 9: 0.05%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1331Response: | Success: | Total:
1332OK: | 178 ( 9.49%) | 266 ( 6.48%)
1333NXDOMAIN: | 1656 ( 88.32%) | 2693 ( 65.65%)
1334SERVFAIL: | 41 ( 2.19%) | 69 ( 1.68%)
1335REFUSED: | 0 ( 0.00%) | 1074 ( 26.18%)
1336FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1337
1338
1339
1340Processed queries: 1919
1341Received packets: 4208
1342Progress: 100.00% (00 h 00 min 04 sec / 00 h 00 min 04 sec)
1343Current incoming rate: 80 pps, average: 1050 pps
1344Current success rate: 27 pps, average: 474 pps
1345Finished total: 1903, success: 1903 (100.00%)
1346Mismatched domains: 1584 (37.88%), IDs: 0 (0.00%)
1347Failures: 0: 5.04%, 1: 26.59%, 2: 23.33%, 3: 19.65%, 4: 15.34%, 5: 6.46%, 6: 2.47%, 7: 0.84%, 8: 0.68%, 9: 0.42%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1348Response: | Success: | Total:
1349OK: | 178 ( 9.35%) | 267 ( 6.38%)
1350NXDOMAIN: | 1682 ( 88.39%) | 2762 ( 66.04%)
1351SERVFAIL: | 43 ( 2.26%) | 71 ( 1.70%)
1352REFUSED: | 0 ( 0.00%) | 1082 ( 25.87%)
1353FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1354
1355
1356
1357Processed queries: 1919
1358Received packets: 4251
1359Progress: 100.00% (00 h 00 min 05 sec / 00 h 00 min 05 sec)
1360Current incoming rate: 42 pps, average: 848 pps
1361Current success rate: 10 pps, average: 382 pps
1362Finished total: 1914, success: 1914 (100.00%)
1363Mismatched domains: 1614 (38.20%), IDs: 0 (0.00%)
1364Failures: 0: 5.02%, 1: 26.44%, 2: 23.20%, 3: 19.54%, 4: 15.26%, 5: 6.43%, 6: 2.46%, 7: 0.68%, 8: 0.42%, 9: 0.63%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1365Response: | Success: | Total:
1366OK: | 180 ( 9.40%) | 270 ( 6.39%)
1367NXDOMAIN: | 1689 ( 88.24%) | 2794 ( 66.13%)
1368SERVFAIL: | 45 ( 2.35%) | 73 ( 1.73%)
1369REFUSED: | 0 ( 0.00%) | 1088 ( 25.75%)
1370FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1371
1372
1373
1374Processed queries: 1919
1375Received packets: 4275
1376Progress: 100.00% (00 h 00 min 06 sec / 00 h 00 min 06 sec)
1377Current incoming rate: 23 pps, average: 711 pps
1378Current success rate: 3 pps, average: 319 pps
1379Finished total: 1918, success: 1918 (100.00%)
1380Mismatched domains: 1633 (38.43%), IDs: 0 (0.00%)
1381Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.16%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1382Response: | Success: | Total:
1383OK: | 181 ( 9.44%) | 271 ( 6.38%)
1384NXDOMAIN: | 1692 ( 88.22%) | 2813 ( 66.20%)
1385SERVFAIL: | 45 ( 2.35%) | 74 ( 1.74%)
1386REFUSED: | 0 ( 0.00%) | 1091 ( 25.68%)
1387FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1388
1389
1390
1391Processed queries: 1919
1392Received packets: 4287
1393Progress: 100.00% (00 h 00 min 07 sec / 00 h 00 min 07 sec)
1394Current incoming rate: 11 pps, average: 611 pps
1395Current success rate: 0 pps, average: 273 pps
1396Finished total: 1918, success: 1918 (100.00%)
1397Mismatched domains: 1645 (38.61%), IDs: 0 (0.00%)
1398Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1399Response: | Success: | Total:
1400OK: | 181 ( 9.44%) | 271 ( 6.36%)
1401NXDOMAIN: | 1692 ( 88.22%) | 2821 ( 66.21%)
1402SERVFAIL: | 45 ( 2.35%) | 75 ( 1.76%)
1403REFUSED: | 0 ( 0.00%) | 1093 ( 25.65%)
1404FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1405
1406
1407
1408Processed queries: 1919
1409Received packets: 4301
1410Progress: 100.00% (00 h 00 min 08 sec / 00 h 00 min 08 sec)
1411Current incoming rate: 13 pps, average: 536 pps
1412Current success rate: 0 pps, average: 239 pps
1413Finished total: 1918, success: 1918 (100.00%)
1414Mismatched domains: 1659 (38.81%), IDs: 0 (0.00%)
1415Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1416Response: | Success: | Total:
1417OK: | 181 ( 9.44%) | 271 ( 6.34%)
1418NXDOMAIN: | 1692 ( 88.22%) | 2833 ( 66.27%)
1419SERVFAIL: | 45 ( 2.35%) | 76 ( 1.78%)
1420REFUSED: | 0 ( 0.00%) | 1094 ( 25.59%)
1421FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1422
1423
1424
1425Processed queries: 1919
1426Received packets: 4308
1427Progress: 100.00% (00 h 00 min 09 sec / 00 h 00 min 09 sec)
1428Current incoming rate: 6 pps, average: 477 pps
1429Current success rate: 0 pps, average: 212 pps
1430Finished total: 1918, success: 1918 (100.00%)
1431Mismatched domains: 1666 (38.91%), IDs: 0 (0.00%)
1432Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.05%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1433Response: | Success: | Total:
1434OK: | 181 ( 9.44%) | 271 ( 6.33%)
1435NXDOMAIN: | 1692 ( 88.22%) | 2839 ( 66.30%)
1436SERVFAIL: | 45 ( 2.35%) | 76 ( 1.77%)
1437REFUSED: | 0 ( 0.00%) | 1095 ( 25.57%)
1438FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1439
1440
1441
1442Processed queries: 1919
1443Received packets: 4310
1444Progress: 100.00% (00 h 00 min 10 sec / 00 h 00 min 10 sec)
1445Current incoming rate: 1 pps, average: 430 pps
1446Current success rate: 0 pps, average: 191 pps
1447Finished total: 1918, success: 1918 (100.00%)
1448Mismatched domains: 1668 (38.94%), IDs: 0 (0.00%)
1449Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.05%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1450Response: | Success: | Total:
1451OK: | 181 ( 9.44%) | 271 ( 6.33%)
1452NXDOMAIN: | 1692 ( 88.22%) | 2840 ( 66.29%)
1453SERVFAIL: | 45 ( 2.35%) | 76 ( 1.77%)
1454REFUSED: | 0 ( 0.00%) | 1095 ( 25.56%)
1455FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1456
1457
1458
1459Processed queries: 1919
1460Received packets: 4311
1461Progress: 100.00% (00 h 00 min 11 sec / 00 h 00 min 11 sec)
1462Current incoming rate: 0 pps, average: 391 pps
1463Current success rate: 0 pps, average: 174 pps
1464Finished total: 1918, success: 1918 (100.00%)
1465Mismatched domains: 1669 (38.95%), IDs: 0 (0.00%)
1466Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.05%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1467Response: | Success: | Total:
1468OK: | 181 ( 9.44%) | 271 ( 6.32%)
1469NXDOMAIN: | 1692 ( 88.22%) | 2840 ( 66.28%)
1470SERVFAIL: | 45 ( 2.35%) | 76 ( 1.77%)
1471REFUSED: | 0 ( 0.00%) | 1096 ( 25.58%)
1472FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1473
1474
1475
1476Processed queries: 1919
1477Received packets: 4322
1478Progress: 100.00% (00 h 00 min 12 sec / 00 h 00 min 12 sec)
1479Current incoming rate: 10 pps, average: 359 pps
1480Current success rate: 0 pps, average: 159 pps
1481Finished total: 1918, success: 1918 (100.00%)
1482Mismatched domains: 1680 (39.11%), IDs: 0 (0.00%)
1483Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.05%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1484Response: | Success: | Total:
1485OK: | 181 ( 9.44%) | 271 ( 6.31%)
1486NXDOMAIN: | 1692 ( 88.22%) | 2841 ( 66.13%)
1487SERVFAIL: | 45 ( 2.35%) | 85 ( 1.98%)
1488REFUSED: | 0 ( 0.00%) | 1097 ( 25.54%)
1489FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1490
1491
1492
1493Processed queries: 1919
1494Received packets: 4325
1495Progress: 100.00% (00 h 00 min 13 sec / 00 h 00 min 13 sec)
1496Current incoming rate: 2 pps, average: 332 pps
1497Current success rate: 0 pps, average: 147 pps
1498Finished total: 1918, success: 1918 (100.00%)
1499Mismatched domains: 1683 (39.15%), IDs: 0 (0.00%)
1500Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.05%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1501Response: | Success: | Total:
1502OK: | 181 ( 9.44%) | 271 ( 6.30%)
1503NXDOMAIN: | 1692 ( 88.22%) | 2841 ( 66.09%)
1504SERVFAIL: | 45 ( 2.35%) | 87 ( 2.02%)
1505REFUSED: | 0 ( 0.00%) | 1098 ( 25.54%)
1506FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1507
1508
1509
1510Processed queries: 1919
1511Received packets: 4329
1512Progress: 100.00% (00 h 00 min 14 sec / 00 h 00 min 14 sec)
1513Current incoming rate: 3 pps, average: 308 pps
1514Current success rate: 0 pps, average: 136 pps
1515Finished total: 1918, success: 1918 (100.00%)
1516Mismatched domains: 1687 (39.21%), IDs: 0 (0.00%)
1517Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.05%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1518Response: | Success: | Total:
1519OK: | 181 ( 9.44%) | 271 ( 6.30%)
1520NXDOMAIN: | 1692 ( 88.22%) | 2842 ( 66.05%)
1521SERVFAIL: | 45 ( 2.35%) | 89 ( 2.07%)
1522REFUSED: | 0 ( 0.00%) | 1099 ( 25.54%)
1523FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1524
1525
1526
1527Processed queries: 1919
1528Received packets: 4337
1529Progress: 100.00% (00 h 00 min 15 sec / 00 h 00 min 15 sec)
1530Current incoming rate: 7 pps, average: 288 pps
1531Current success rate: 0 pps, average: 127 pps
1532Finished total: 1918, success: 1918 (100.00%)
1533Mismatched domains: 1695 (39.32%), IDs: 0 (0.00%)
1534Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.05%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1535Response: | Success: | Total:
1536OK: | 181 ( 9.44%) | 272 ( 6.31%)
1537NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 66.04%)
1538SERVFAIL: | 45 ( 2.35%) | 89 ( 2.06%)
1539REFUSED: | 0 ( 0.00%) | 1101 ( 25.54%)
1540FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1541
1542
1543
1544Processed queries: 1919
1545Received packets: 4337
1546Progress: 100.00% (00 h 00 min 16 sec / 00 h 00 min 16 sec)
1547Current incoming rate: 0 pps, average: 270 pps
1548Current success rate: 0 pps, average: 119 pps
1549Finished total: 1918, success: 1918 (100.00%)
1550Mismatched domains: 1695 (39.32%), IDs: 0 (0.00%)
1551Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.05%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1552Response: | Success: | Total:
1553OK: | 181 ( 9.44%) | 272 ( 6.31%)
1554NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 66.04%)
1555SERVFAIL: | 45 ( 2.35%) | 89 ( 2.06%)
1556REFUSED: | 0 ( 0.00%) | 1101 ( 25.54%)
1557FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1558
1559
1560
1561Processed queries: 1919
1562Received packets: 4338
1563Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
1564Current incoming rate: 0 pps, average: 254 pps
1565Current success rate: 0 pps, average: 112 pps
1566Finished total: 1918, success: 1918 (100.00%)
1567Mismatched domains: 1696 (39.33%), IDs: 0 (0.00%)
1568Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1569Response: | Success: | Total:
1570OK: | 181 ( 9.44%) | 272 ( 6.31%)
1571NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 66.03%)
1572SERVFAIL: | 45 ( 2.35%) | 89 ( 2.06%)
1573REFUSED: | 0 ( 0.00%) | 1102 ( 25.56%)
1574FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1575
1576
1577
1578Processed queries: 1919
1579Received packets: 4340
1580Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
1581Current incoming rate: 1 pps, average: 240 pps
1582Current success rate: 0 pps, average: 106 pps
1583Finished total: 1918, success: 1918 (100.00%)
1584Mismatched domains: 1698 (39.36%), IDs: 0 (0.00%)
1585Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1586Response: | Success: | Total:
1587OK: | 181 ( 9.44%) | 273 ( 6.33%)
1588NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.99%)
1589SERVFAIL: | 45 ( 2.35%) | 89 ( 2.06%)
1590REFUSED: | 0 ( 0.00%) | 1103 ( 25.57%)
1591FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1592
1593
1594
1595Processed queries: 1919
1596Received packets: 4341
1597Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
1598Current incoming rate: 0 pps, average: 228 pps
1599Current success rate: 0 pps, average: 100 pps
1600Finished total: 1918, success: 1918 (100.00%)
1601Mismatched domains: 1699 (39.37%), IDs: 0 (0.00%)
1602Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1603Response: | Success: | Total:
1604OK: | 181 ( 9.44%) | 273 ( 6.33%)
1605NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.98%)
1606SERVFAIL: | 45 ( 2.35%) | 89 ( 2.06%)
1607REFUSED: | 0 ( 0.00%) | 1104 ( 25.59%)
1608FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1609
1610
1611
1612Processed queries: 1919
1613Received packets: 4345
1614Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
1615Current incoming rate: 3 pps, average: 216 pps
1616Current success rate: 0 pps, average: 95 pps
1617Finished total: 1918, success: 1918 (100.00%)
1618Mismatched domains: 1703 (39.43%), IDs: 0 (0.00%)
1619Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1620Response: | Success: | Total:
1621OK: | 181 ( 9.44%) | 273 ( 6.32%)
1622NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.92%)
1623SERVFAIL: | 45 ( 2.35%) | 91 ( 2.11%)
1624REFUSED: | 0 ( 0.00%) | 1106 ( 25.61%)
1625FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1626
1627
1628
1629Processed queries: 1919
1630Received packets: 4348
1631Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
1632Current incoming rate: 2 pps, average: 206 pps
1633Current success rate: 0 pps, average: 91 pps
1634Finished total: 1918, success: 1918 (100.00%)
1635Mismatched domains: 1706 (39.47%), IDs: 0 (0.00%)
1636Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1637Response: | Success: | Total:
1638OK: | 181 ( 9.44%) | 273 ( 6.32%)
1639NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.87%)
1640SERVFAIL: | 45 ( 2.35%) | 93 ( 2.15%)
1641REFUSED: | 0 ( 0.00%) | 1107 ( 25.61%)
1642FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1643
1644
1645
1646Processed queries: 1919
1647Received packets: 4353
1648Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
1649Current incoming rate: 4 pps, average: 197 pps
1650Current success rate: 0 pps, average: 87 pps
1651Finished total: 1918, success: 1918 (100.00%)
1652Mismatched domains: 1711 (39.54%), IDs: 0 (0.00%)
1653Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1654Response: | Success: | Total:
1655OK: | 181 ( 9.44%) | 273 ( 6.31%)
1656NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.80%)
1657SERVFAIL: | 45 ( 2.35%) | 97 ( 2.24%)
1658REFUSED: | 0 ( 0.00%) | 1108 ( 25.61%)
1659FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1660
1661
1662
1663Processed queries: 1919
1664Received packets: 4354
1665Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
1666Current incoming rate: 0 pps, average: 188 pps
1667Current success rate: 0 pps, average: 83 pps
1668Finished total: 1918, success: 1918 (100.00%)
1669Mismatched domains: 1712 (39.56%), IDs: 0 (0.00%)
1670Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1671Response: | Success: | Total:
1672OK: | 181 ( 9.44%) | 273 ( 6.31%)
1673NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.78%)
1674SERVFAIL: | 45 ( 2.35%) | 97 ( 2.24%)
1675REFUSED: | 0 ( 0.00%) | 1109 ( 25.62%)
1676FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1677
1678
1679
1680Processed queries: 1919
1681Received packets: 4354
1682Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
1683Current incoming rate: 0 pps, average: 181 pps
1684Current success rate: 0 pps, average: 79 pps
1685Finished total: 1918, success: 1918 (100.00%)
1686Mismatched domains: 1712 (39.56%), IDs: 0 (0.00%)
1687Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1688Response: | Success: | Total:
1689OK: | 181 ( 9.44%) | 273 ( 6.31%)
1690NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.78%)
1691SERVFAIL: | 45 ( 2.35%) | 97 ( 2.24%)
1692REFUSED: | 0 ( 0.00%) | 1109 ( 25.62%)
1693FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1694
1695
1696
1697Processed queries: 1919
1698Received packets: 4354
1699Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1700Current incoming rate: 0 pps, average: 173 pps
1701Current success rate: 0 pps, average: 76 pps
1702Finished total: 1918, success: 1918 (100.00%)
1703Mismatched domains: 1712 (39.56%), IDs: 0 (0.00%)
1704Failures: 0: 5.01%, 1: 26.38%, 2: 23.15%, 3: 19.50%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
1705Response: | Success: | Total:
1706OK: | 181 ( 9.44%) | 273 ( 6.31%)
1707NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.78%)
1708SERVFAIL: | 45 ( 2.35%) | 97 ( 2.24%)
1709REFUSED: | 0 ( 0.00%) | 1109 ( 25.62%)
1710FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1711
1712
1713
1714Processed queries: 1919
1715Received packets: 4354
1716Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1717Current incoming rate: 0 pps, average: 173 pps
1718Current success rate: 0 pps, average: 76 pps
1719Finished total: 1919, success: 1918 (99.95%)
1720Mismatched domains: 1712 (39.56%), IDs: 0 (0.00%)
1721Failures: 0: 5.00%, 1: 26.37%, 2: 23.14%, 3: 19.49%, 4: 15.22%, 5: 6.41%, 6: 2.45%, 7: 0.68%, 8: 0.42%, 9: 0.52%, 10: 0.05%, 11: 0.10%, 12: 0.10%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
1722Response: | Success: | Total:
1723OK: | 181 ( 9.44%) | 273 ( 6.31%)
1724NXDOMAIN: | 1692 ( 88.22%) | 2847 ( 65.78%)
1725SERVFAIL: | 45 ( 2.35%) | 97 ( 2.24%)
1726REFUSED: | 0 ( 0.00%) | 1109 ( 25.62%)
1727FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1728www.escueladesuboficiales.cl
1729suboficiales.cloudapp.net.
1730#######################################################################################################################################
1731[+] www.escueladesuboficiales.cl has no SPF record!
1732[*] No DMARC record found. Looking for organizational record
1733[+] No organizational DMARC record
1734[+] Spoofing possible for www.escueladesuboficiales.cl!
1735#######################################################################################################################################
1736www.escueladesuboficiales.cl. 2552 IN CNAME suboficiales.cloudapp.net.
1737dig: '.www.escueladesuboficiales.cl' is not a legal name (empty label)
1738www.escueladesuboficiales.cl. 2552 IN CNAME suboficiales.cloudapp.net.
1739#######################################################################################################################################
1740WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1741Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-20 06:31 EST
1742Nmap scan report for www.escueladesuboficiales.cl (191.234.162.247)
1743Host is up (0.46s latency).
1744Not shown: 489 filtered ports, 3 closed ports
1745Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1746PORT STATE SERVICE
174721/tcp open ftp
174822/tcp open ssh
174980/tcp open http
1750443/tcp open https
1751
1752Nmap done: 1 IP address (1 host up) scanned in 17.66 seconds
1753#######################################################################################################################################
1754Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-20 06:31 EST
1755Nmap scan report for www.escueladesuboficiales.cl (191.234.162.247)
1756Host is up (0.39s latency).
1757Not shown: 2 filtered ports
1758PORT STATE SERVICE
175953/udp open|filtered domain
176067/udp open|filtered dhcps
176168/udp open|filtered dhcpc
176269/udp open|filtered tftp
176388/udp open|filtered kerberos-sec
1764123/udp open|filtered ntp
1765139/udp open|filtered netbios-ssn
1766161/udp open|filtered snmp
1767162/udp open|filtered snmptrap
1768389/udp open|filtered ldap
1769500/udp open|filtered isakmp
1770520/udp open|filtered route
17712049/udp open|filtered nfs
1772
1773Nmap done: 1 IP address (1 host up) scanned in 6.49 seconds
1774#######################################################################################################################################
1775# general
1776(gen) banner: SSH-2.0-OpenSSH_5.3
1777(gen) software: OpenSSH 5.3
1778(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
1779(gen) compression: enabled (zlib@openssh.com)
1780
1781# key exchange algorithms
1782(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1783 `- [info] available since OpenSSH 4.4
1784(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1785 `- [warn] using weak hashing algorithm
1786 `- [info] available since OpenSSH 2.3.0
1787(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1788 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1789(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1790 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1791 `- [warn] using small 1024-bit modulus
1792 `- [warn] using weak hashing algorithm
1793 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1794
1795# host-key algorithms
1796(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1797(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1798 `- [warn] using small 1024-bit modulus
1799 `- [warn] using weak random number generator could reveal the key
1800 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1801
1802# encryption algorithms (ciphers)
1803(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1804(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1805(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1806(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1807 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1808 `- [warn] using weak cipher
1809 `- [info] available since OpenSSH 4.2
1810(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1811 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1812 `- [warn] using weak cipher
1813 `- [info] available since OpenSSH 4.2
1814(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1815 `- [warn] using weak cipher mode
1816 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1817(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1818 `- [warn] using weak cipher
1819 `- [warn] using weak cipher mode
1820 `- [warn] using small 64-bit block size
1821 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1822(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1823 `- [fail] disabled since Dropbear SSH 0.53
1824 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1825 `- [warn] using weak cipher mode
1826 `- [warn] using small 64-bit block size
1827 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1828(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1829 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1830 `- [warn] using weak cipher mode
1831 `- [warn] using small 64-bit block size
1832 `- [info] available since OpenSSH 2.1.0
1833(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1834 `- [warn] using weak cipher mode
1835 `- [info] available since OpenSSH 2.3.0
1836(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1837 `- [warn] using weak cipher mode
1838 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
1839(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1840 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1841 `- [warn] using weak cipher
1842 `- [info] available since OpenSSH 2.1.0
1843(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1844 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1845 `- [warn] using weak cipher mode
1846 `- [info] available since OpenSSH 2.3.0
1847
1848# message authentication code algorithms
1849(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1850 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1851 `- [warn] using encrypt-and-MAC mode
1852 `- [warn] using weak hashing algorithm
1853 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1854(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1855 `- [warn] using weak hashing algorithm
1856 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1857(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1858 `- [warn] using small 64-bit tag size
1859 `- [info] available since OpenSSH 4.7
1860(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1861 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1862(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1863 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1864(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1865 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1866 `- [warn] using encrypt-and-MAC mode
1867 `- [info] available since OpenSSH 2.5.0
1868(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1869 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1870 `- [warn] using encrypt-and-MAC mode
1871 `- [info] available since OpenSSH 2.1.0
1872(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1873 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1874 `- [warn] using encrypt-and-MAC mode
1875 `- [warn] using weak hashing algorithm
1876 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
1877(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1878 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1879 `- [warn] using encrypt-and-MAC mode
1880 `- [warn] using weak hashing algorithm
1881 `- [info] available since OpenSSH 2.5.0
1882
1883# algorithm recommendations (for OpenSSH 5.3)
1884(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1885(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1886(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1887(rec) -ssh-dss -- key algorithm to remove
1888(rec) -arcfour -- enc algorithm to remove
1889(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
1890(rec) -blowfish-cbc -- enc algorithm to remove
1891(rec) -3des-cbc -- enc algorithm to remove
1892(rec) -aes256-cbc -- enc algorithm to remove
1893(rec) -arcfour256 -- enc algorithm to remove
1894(rec) -cast128-cbc -- enc algorithm to remove
1895(rec) -aes192-cbc -- enc algorithm to remove
1896(rec) -arcfour128 -- enc algorithm to remove
1897(rec) -aes128-cbc -- enc algorithm to remove
1898(rec) -hmac-md5-96 -- mac algorithm to remove
1899(rec) -hmac-ripemd160 -- mac algorithm to remove
1900(rec) -hmac-sha1-96 -- mac algorithm to remove
1901(rec) -umac-64@openssh.com -- mac algorithm to remove
1902(rec) -hmac-md5 -- mac algorithm to remove
1903(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
1904(rec) -hmac-sha1 -- mac algorithm to remove
1905########################################################################################################################################
1906USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
1907RHOSTS => www.escueladesuboficiales.cl
1908RHOST => www.escueladesuboficiales.cl
1909[*] 191.234.162.247:22 - SSH - Using malformed packet technique
1910[*] 191.234.162.247:22 - SSH - Starting scan
1911[-] 191.234.162.247:22 - SSH - User 'admin' not found
1912[-] 191.234.162.247:22 - SSH - User 'administrator' not found
1913[-] 191.234.162.247:22 - SSH - User 'anonymous' not found
1914[-] 191.234.162.247:22 - SSH - User 'backup' not found
1915[-] 191.234.162.247:22 - SSH - User 'bee' not found
1916[+] 191.234.162.247:22 - SSH - User 'ftp' found
1917[-] 191.234.162.247:22 - SSH - User 'guest' not found
1918[-] 191.234.162.247:22 - SSH - User 'GUEST' not found
1919[-] 191.234.162.247:22 - SSH - User 'info' not found
1920[+] 191.234.162.247:22 - SSH - User 'mail' found
1921[-] 191.234.162.247:22 - SSH - User 'mailadmin' not found
1922[-] 191.234.162.247:22 - SSH - User 'msfadmin' not found
1923[+] 191.234.162.247:22 - SSH - User 'mysql' found
1924[+] 191.234.162.247:22 - SSH - User 'nobody' found
1925[-] 191.234.162.247:22 - SSH - User 'oracle' not found
1926[-] 191.234.162.247:22 - SSH - User 'owaspbwa' not found
1927[+] 191.234.162.247:22 - SSH - User 'postfix' found
1928[-] 191.234.162.247:22 - SSH - User 'postgres' not found
1929[-] 191.234.162.247:22 - SSH - User 'private' not found
1930[-] 191.234.162.247:22 - SSH - User 'proftpd' not found
1931[-] 191.234.162.247:22 - SSH - User 'public' not found
1932[+] 191.234.162.247:22 - SSH - User 'root' found
1933[-] 191.234.162.247:22 - SSH - User 'superadmin' not found
1934[-] 191.234.162.247:22 - SSH - User 'support' not found
1935[-] 191.234.162.247:22 - SSH - User 'sys' not found
1936[-] 191.234.162.247:22 - SSH - User 'system' not found
1937[-] 191.234.162.247:22 - SSH - User 'systemadmin' not found
1938[-] 191.234.162.247:22 - SSH - User 'systemadministrator' not found
1939[-] 191.234.162.247:22 - SSH - User 'test' not found
1940[-] 191.234.162.247:22 - SSH - User 'tomcat' not found
1941[-] 191.234.162.247:22 - SSH - User 'user' not found
1942[-] 191.234.162.247:22 - SSH - User 'webmaster' not found
1943[-] 191.234.162.247:22 - SSH - User 'www-data' not found
1944[-] 191.234.162.247:22 - SSH - User 'Fortimanager_Access' not found
1945[*] Scanned 1 of 1 hosts (100% complete)
1946[*] Auxiliary module execution completed
1947#######################################################################################################################################
1948HTTP/1.1 301 Moved Permanently
1949Date: Fri, 20 Dec 2019 11:34:56 GMT
1950Server: Apache
1951Location: https://www.escueladesuboficiales.cl/
1952Connection: close
1953Content-Type: text/html; charset=iso-8859-1
1954#######################################################################################################################################
1955http://www.escueladesuboficiales.cl [301 Moved Permanently] Apache, Country[BRAZIL][BR], HTTPServer[Apache], IP[191.234.162.247], RedirectLocation[https://www.escueladesuboficiales.cl/], Title[301 Moved Permanently]
1956ERROR Opening: https://www.escueladesuboficiales.cl/ - SSL_connect returned=1 errno=0 state=error: wrong signature type
1957#######################################################################################################################################
1958Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-20 06:38 EST
1959NSE: Loaded 163 scripts for scanning.
1960NSE: Script Pre-scanning.
1961Initiating NSE at 06:38
1962Completed NSE at 06:38, 0.00s elapsed
1963Initiating NSE at 06:38
1964Completed NSE at 06:38, 0.00s elapsed
1965Initiating Parallel DNS resolution of 1 host. at 06:38
1966Completed Parallel DNS resolution of 1 host. at 06:38, 0.02s elapsed
1967Initiating SYN Stealth Scan at 06:38
1968Scanning www.escueladesuboficiales.cl (191.234.162.247) [1 port]
1969Discovered open port 80/tcp on 191.234.162.247
1970Completed SYN Stealth Scan at 06:38, 0.80s elapsed (1 total ports)
1971Initiating Service scan at 06:38
1972Scanning 1 service on www.escueladesuboficiales.cl (191.234.162.247)
1973Completed Service scan at 06:38, 7.25s elapsed (1 service on 1 host)
1974Initiating OS detection (try #1) against www.escueladesuboficiales.cl (191.234.162.247)
1975Retrying OS detection (try #2) against www.escueladesuboficiales.cl (191.234.162.247)
1976Initiating Traceroute at 06:38
1977Completed Traceroute at 06:38, 6.63s elapsed
1978Initiating Parallel DNS resolution of 14 hosts. at 06:38
1979Completed Parallel DNS resolution of 14 hosts. at 06:38, 0.88s elapsed
1980NSE: Script scanning 191.234.162.247.
1981Initiating NSE at 06:38
1982Stats: 0:04:26 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
1983NSE: Active NSE Script Threads: 2 (2 waiting)
1984NSE Timing: About 99.34% done; ETC: 06:42 (0:00:02 remaining)
1985Completed NSE at 06:44, 344.20s elapsed
1986Initiating NSE at 06:44
1987Completed NSE at 06:44, 3.28s elapsed
1988Nmap scan report for www.escueladesuboficiales.cl (191.234.162.247)
1989Host is up (0.80s latency).
1990
1991PORT STATE SERVICE VERSION
199280/tcp open http Apache httpd
1993| http-brute:
1994|_ Path "/" does not require authentication
1995|_http-chrono: Request times for /; avg: 1800.20ms; min: 1600.12ms; max: 1957.24ms
1996|_http-csrf: Couldn't find any CSRF vulnerabilities.
1997|_http-date: Fri, 20 Dec 2019 11:36:41 GMT; -2m32s from local time.
1998|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1999|_http-dombased-xss: Couldn't find any DOM based XSS.
2000|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2001|_http-errors: Couldn't find any error pages.
2002|_http-feed: Couldn't find any feeds.
2003|_http-fetch: Please enter the complete path of the directory to save data in.
2004| http-headers:
2005| Date: Fri, 20 Dec 2019 11:36:54 GMT
2006| Server: Apache
2007| Location: https://www.escueladesuboficiales.cl/
2008| Content-Length: 245
2009| Connection: close
2010| Content-Type: text/html; charset=iso-8859-1
2011|
2012|_ (Request type: GET)
2013|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2014| http-methods:
2015|_ Supported Methods: GET HEAD POST OPTIONS
2016|_http-mobileversion-checker: No mobile version detected.
2017|_http-passwd: ERROR: Script execution failed (use -d to debug)
2018|_http-security-headers:
2019|_http-server-header: Apache
2020| http-sitemap-generator:
2021| Directory structure:
2022| Longest directory structure:
2023| Depth: 0
2024| Dir: /
2025| Total files found (by extension):
2026|_
2027|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2028|_http-title: Did not follow redirect to https://cadunjmg/
2029| http-vhosts:
2030|_127 names had status 301
2031|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
2032|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2033|_http-xssed: No previously reported XSS vuln.
2034|_https-redirect: ERROR: Script execution failed (use -d to debug)
2035| vulscan: VulDB - https://vuldb.com:
2036| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
2037| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
2038| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
2039| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
2040| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
2041| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
2042| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
2043| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
2044| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
2045| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
2046| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
2047| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
2048| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
2049| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
2050| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
2051| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
2052| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
2053| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
2054| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
2055| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
2056| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
2057| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
2058| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
2059| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
2060| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
2061| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
2062| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
2063| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
2064| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
2065| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
2066| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
2067| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
2068| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
2069| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
2070| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
2071| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2072| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
2073| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
2074| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
2075| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
2076| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
2077| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
2078| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
2079| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
2080| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
2081| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
2082| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
2083| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
2084| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
2085| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2086| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2087| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
2088| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
2089| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
2090| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
2091| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
2092| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
2093| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
2094| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
2095| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
2096| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
2097| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
2098| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
2099| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
2100| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
2101| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2102| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
2103| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
2104| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
2105| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
2106| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
2107| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
2108| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
2109| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
2110| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
2111| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
2112| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
2113| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
2114| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
2115| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
2116| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
2117| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
2118| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
2119| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
2120| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
2121| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
2122| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
2123| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
2124| [136370] Apache Fineract up to 1.2.x sql injection
2125| [136369] Apache Fineract up to 1.2.x sql injection
2126| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
2127| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
2128| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
2129| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
2130| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
2131| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
2132| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
2133| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
2134| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
2135| [134416] Apache Sanselan 0.97-incubator Loop denial of service
2136| [134415] Apache Sanselan 0.97-incubator Hang denial of service
2137| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
2138| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
2139| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2140| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2141| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
2142| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
2143| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
2144| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
2145| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
2146| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
2147| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
2148| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
2149| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
2150| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
2151| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
2152| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
2153| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
2154| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
2155| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
2156| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
2157| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
2158| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
2159| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
2160| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
2161| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
2162| [131859] Apache Hadoop up to 2.9.1 privilege escalation
2163| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
2164| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
2165| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
2166| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
2167| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
2168| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
2169| [130629] Apache Guacamole Cookie Flag weak encryption
2170| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
2171| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
2172| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
2173| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
2174| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
2175| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
2176| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
2177| [130123] Apache Airflow up to 1.8.2 information disclosure
2178| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
2179| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
2180| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
2181| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
2182| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2183| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2184| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2185| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
2186| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
2187| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
2188| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
2189| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
2190| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2191| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
2192| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
2193| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
2194| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
2195| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
2196| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2197| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
2198| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2199| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
2200| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
2201| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
2202| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
2203| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
2204| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
2205| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
2206| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
2207| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
2208| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
2209| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
2210| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
2211| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
2212| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
2213| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
2214| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
2215| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
2216| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
2217| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
2218| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
2219| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
2220| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
2221| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
2222| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
2223| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
2224| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
2225| [127007] Apache Spark Request Code Execution
2226| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
2227| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
2228| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
2229| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
2230| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
2231| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
2232| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
2233| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
2234| [126346] Apache Tomcat Path privilege escalation
2235| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
2236| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
2237| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
2238| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
2239| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
2240| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
2241| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
2242| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
2243| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
2244| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
2245| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
2246| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2247| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
2248| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
2249| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
2250| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
2251| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
2252| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
2253| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
2254| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
2255| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
2256| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
2257| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
2258| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
2259| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
2260| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
2261| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
2262| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
2263| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
2264| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
2265| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
2266| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
2267| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
2268| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
2269| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
2270| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
2271| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
2272| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
2273| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
2274| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
2275| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
2276| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
2277| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
2278| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
2279| [123197] Apache Sentry up to 2.0.0 privilege escalation
2280| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
2281| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
2282| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
2283| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
2284| [122800] Apache Spark 1.3.0 REST API weak authentication
2285| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
2286| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
2287| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
2288| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
2289| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
2290| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
2291| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
2292| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
2293| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
2294| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
2295| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
2296| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
2297| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
2298| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
2299| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
2300| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
2301| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
2302| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
2303| [121354] Apache CouchDB HTTP API Code Execution
2304| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
2305| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
2306| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
2307| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
2308| [120168] Apache CXF weak authentication
2309| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
2310| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
2311| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
2312| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
2313| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
2314| [119306] Apache MXNet Network Interface privilege escalation
2315| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
2316| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
2317| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
2318| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
2319| [118143] Apache NiFi activemq-client Library Deserialization denial of service
2320| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
2321| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
2322| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
2323| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
2324| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
2325| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
2326| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
2327| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
2328| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
2329| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
2330| [117115] Apache Tika up to 1.17 tika-server command injection
2331| [116929] Apache Fineract getReportType Parameter privilege escalation
2332| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
2333| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
2334| [116926] Apache Fineract REST Parameter privilege escalation
2335| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
2336| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
2337| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
2338| [115883] Apache Hive up to 2.3.2 privilege escalation
2339| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
2340| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
2341| [115518] Apache Ignite 2.3 Deserialization privilege escalation
2342| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
2343| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
2344| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
2345| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
2346| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
2347| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
2348| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
2349| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
2350| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
2351| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
2352| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
2353| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
2354| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
2355| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
2356| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
2357| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
2358| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
2359| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
2360| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
2361| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
2362| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
2363| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
2364| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
2365| [113895] Apache Geode up to 1.3.x Code Execution
2366| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
2367| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
2368| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
2369| [113747] Apache Tomcat Servlets privilege escalation
2370| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
2371| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
2372| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
2373| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
2374| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
2375| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2376| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
2377| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2378| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
2379| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
2380| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
2381| [112885] Apache Allura up to 1.8.0 File information disclosure
2382| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
2383| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
2384| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
2385| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
2386| [112625] Apache POI up to 3.16 Loop denial of service
2387| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
2388| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
2389| [112339] Apache NiFi 1.5.0 Header privilege escalation
2390| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
2391| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
2392| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
2393| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
2394| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
2395| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
2396| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
2397| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
2398| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
2399| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
2400| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
2401| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
2402| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
2403| [112114] Oracle 9.1 Apache Log4j privilege escalation
2404| [112113] Oracle 9.1 Apache Log4j privilege escalation
2405| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
2406| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
2407| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
2408| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
2409| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
2410| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
2411| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
2412| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
2413| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
2414| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
2415| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
2416| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
2417| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
2418| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
2419| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
2420| [110701] Apache Fineract Query Parameter sql injection
2421| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
2422| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
2423| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
2424| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
2425| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
2426| [110106] Apache CXF Fediz Spring cross site request forgery
2427| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
2428| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
2429| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
2430| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
2431| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
2432| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
2433| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
2434| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
2435| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
2436| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
2437| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
2438| [108938] Apple macOS up to 10.13.1 apache denial of service
2439| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
2440| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
2441| [108935] Apple macOS up to 10.13.1 apache denial of service
2442| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
2443| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
2444| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
2445| [108931] Apple macOS up to 10.13.1 apache denial of service
2446| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
2447| [108929] Apple macOS up to 10.13.1 apache denial of service
2448| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
2449| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
2450| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
2451| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
2452| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
2453| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
2454| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
2455| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
2456| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
2457| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
2458| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
2459| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
2460| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
2461| [108782] Apache Xerces2 XML Service denial of service
2462| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
2463| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
2464| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
2465| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
2466| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
2467| [108629] Apache OFBiz up to 10.04.01 privilege escalation
2468| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
2469| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
2470| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
2471| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
2472| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
2473| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
2474| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
2475| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
2476| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
2477| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
2478| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
2479| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
2480| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
2481| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
2482| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2483| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
2484| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
2485| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2486| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
2487| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
2488| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
2489| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
2490| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
2491| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
2492| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
2493| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
2494| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
2495| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
2496| [107639] Apache NiFi 1.4.0 XML External Entity
2497| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
2498| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
2499| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
2500| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
2501| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
2502| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
2503| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
2504| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
2505| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
2506| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
2507| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
2508| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2509| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2510| [107197] Apache Xerces Jelly Parser XML File XML External Entity
2511| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
2512| [107084] Apache Struts up to 2.3.19 cross site scripting
2513| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
2514| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
2515| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
2516| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
2517| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
2518| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
2519| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
2520| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
2521| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
2522| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
2523| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
2524| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
2525| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2526| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2527| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
2528| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
2529| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
2530| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
2531| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
2532| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
2533| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
2534| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
2535| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
2536| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
2537| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
2538| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
2539| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
2540| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
2541| [105878] Apache Struts up to 2.3.24.0 privilege escalation
2542| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
2543| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
2544| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
2545| [105643] Apache Pony Mail up to 0.8b weak authentication
2546| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
2547| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
2548| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
2549| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
2550| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
2551| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
2552| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
2553| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
2554| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
2555| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
2556| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
2557| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
2558| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
2559| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
2560| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2561| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2562| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2563| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
2564| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2565| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2566| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2567| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2568| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2569| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2570| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2571| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2572| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2573| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2574| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2575| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
2576| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
2577| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
2578| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
2579| [103690] Apache OpenMeetings 1.0.0 sql injection
2580| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
2581| [103688] Apache OpenMeetings 1.0.0 weak encryption
2582| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
2583| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
2584| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
2585| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
2586| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
2587| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
2588| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
2589| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
2590| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
2591| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
2592| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
2593| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
2594| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
2595| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
2596| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
2597| [103352] Apache Solr Node weak authentication
2598| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
2599| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
2600| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
2601| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
2602| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
2603| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
2604| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
2605| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
2606| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
2607| [102536] Apache Ranger up to 0.6 Stored cross site scripting
2608| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
2609| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
2610| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
2611| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
2612| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
2613| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
2614| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
2615| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
2616| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
2617| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
2618| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
2619| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
2620| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
2621| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
2622| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
2623| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
2624| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
2625| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
2626| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2627| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2628| [99937] Apache Batik up to 1.8 privilege escalation
2629| [99936] Apache FOP up to 2.1 privilege escalation
2630| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2631| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2632| [99930] Apache Traffic Server up to 6.2.0 denial of service
2633| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2634| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2635| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2636| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2637| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2638| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2639| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2640| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2641| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2642| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2643| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2644| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2645| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2646| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2647| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2648| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2649| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2650| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2651| [98605] Apple macOS up to 10.12.3 Apache denial of service
2652| [98604] Apple macOS up to 10.12.3 Apache denial of service
2653| [98603] Apple macOS up to 10.12.3 Apache denial of service
2654| [98602] Apple macOS up to 10.12.3 Apache denial of service
2655| [98601] Apple macOS up to 10.12.3 Apache denial of service
2656| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2657| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2658| [98199] Apache Camel Validation XML External Entity
2659| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2660| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2661| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2662| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2663| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2664| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2665| [97081] Apache Tomcat HTTPS Request denial of service
2666| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2667| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2668| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2669| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2670| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2671| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2672| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2673| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2674| [95311] Apache Storm UI Daemon privilege escalation
2675| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2676| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2677| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2678| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2679| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2680| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2681| [94540] Apache Tika 1.9 tika-server File information disclosure
2682| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2683| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2684| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2685| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2686| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2687| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2688| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2689| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2690| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2691| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2692| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2693| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2694| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2695| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2696| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2697| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2698| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2699| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2700| [93532] Apache Commons Collections Library Java privilege escalation
2701| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2702| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2703| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2704| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2705| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2706| [93098] Apache Commons FileUpload privilege escalation
2707| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2708| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2709| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2710| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2711| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2712| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2713| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2714| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2715| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2716| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2717| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2718| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2719| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2720| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2721| [92549] Apache Tomcat on Red Hat privilege escalation
2722| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2723| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2724| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2725| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2726| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2727| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2728| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2729| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2730| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2731| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2732| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2733| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2734| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2735| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2736| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2737| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2738| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2739| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2740| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2741| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2742| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2743| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2744| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2745| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2746| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2747| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2748| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2749| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2750| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2751| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2752| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2753| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2754| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2755| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2756| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2757| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2758| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2759| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2760| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2761| [90263] Apache Archiva Header denial of service
2762| [90262] Apache Archiva Deserialize privilege escalation
2763| [90261] Apache Archiva XML DTD Connection privilege escalation
2764| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2765| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2766| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2767| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2768| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2769| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2770| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2771| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2772| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2773| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2774| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2775| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2776| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2777| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2778| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2779| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2780| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2781| [87765] Apache James Server 2.3.2 Command privilege escalation
2782| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2783| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2784| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2785| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2786| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
2787| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
2788| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
2789| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
2790| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
2791| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2792| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2793| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
2794| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
2795| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
2796| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2797| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2798| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
2799| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
2800| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
2801| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
2802| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
2803| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
2804| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
2805| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
2806| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
2807| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
2808| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
2809| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
2810| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2811| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2812| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2813| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2814| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2815| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2816| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2817| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2818| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2819| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2820| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2821| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2822| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2823| [82076] Apache Ranger up to 0.5.1 privilege escalation
2824| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2825| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2826| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2827| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2828| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2829| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2830| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2831| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
2832| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
2833| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
2834| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
2835| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
2836| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2837| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2838| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
2839| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
2840| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
2841| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
2842| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
2843| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
2844| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
2845| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
2846| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
2847| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
2848| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
2849| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
2850| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
2851| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
2852| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
2853| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
2854| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
2855| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
2856| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
2857| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
2858| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
2859| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
2860| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
2861| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
2862| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
2863| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
2864| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
2865| [79791] Cisco Products Apache Commons Collections Library privilege escalation
2866| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2867| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2868| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
2869| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
2870| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
2871| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
2872| [78989] Apache Ambari up to 2.1.1 Open Redirect
2873| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
2874| [78987] Apache Ambari up to 2.0.x cross site scripting
2875| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
2876| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2877| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2878| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2879| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2880| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2881| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2882| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2883| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
2884| [77406] Apache Flex BlazeDS AMF Message XML External Entity
2885| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
2886| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
2887| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
2888| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
2889| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
2890| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
2891| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
2892| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
2893| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
2894| [76567] Apache Struts 2.3.20 unknown vulnerability
2895| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
2896| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
2897| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
2898| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
2899| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
2900| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
2901| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
2902| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
2903| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
2904| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
2905| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
2906| [74793] Apache Tomcat File Upload denial of service
2907| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
2908| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
2909| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
2910| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
2911| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
2912| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
2913| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
2914| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
2915| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
2916| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
2917| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
2918| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
2919| [74468] Apache Batik up to 1.6 denial of service
2920| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
2921| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
2922| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
2923| [74174] Apache WSS4J up to 2.0.0 privilege escalation
2924| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
2925| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
2926| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
2927| [73731] Apache XML Security unknown vulnerability
2928| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
2929| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
2930| [73593] Apache Traffic Server up to 5.1.0 denial of service
2931| [73511] Apache POI up to 3.10 Deadlock denial of service
2932| [73510] Apache Solr up to 4.3.0 cross site scripting
2933| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
2934| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
2935| [73173] Apache CloudStack Stack-Based unknown vulnerability
2936| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
2937| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
2938| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
2939| [72890] Apache Qpid 0.30 unknown vulnerability
2940| [72887] Apache Hive 0.13.0 File Permission privilege escalation
2941| [72878] Apache Cordova 3.5.0 cross site request forgery
2942| [72877] Apache Cordova 3.5.0 cross site request forgery
2943| [72876] Apache Cordova 3.5.0 cross site request forgery
2944| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
2945| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
2946| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
2947| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
2948| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2949| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2950| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
2951| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
2952| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
2953| [71629] Apache Axis2/C spoofing
2954| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
2955| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
2956| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
2957| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
2958| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
2959| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
2960| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
2961| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
2962| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
2963| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
2964| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
2965| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
2966| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
2967| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
2968| [70809] Apache POI up to 3.11 Crash denial of service
2969| [70808] Apache POI up to 3.10 unknown vulnerability
2970| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
2971| [70749] Apache Axis up to 1.4 getCN spoofing
2972| [70701] Apache Traffic Server up to 3.3.5 denial of service
2973| [70700] Apache OFBiz up to 12.04.03 cross site scripting
2974| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
2975| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
2976| [70661] Apache Subversion up to 1.6.17 denial of service
2977| [70660] Apache Subversion up to 1.6.17 spoofing
2978| [70659] Apache Subversion up to 1.6.17 spoofing
2979| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
2980| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
2981| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
2982| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
2983| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
2984| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
2985| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
2986| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
2987| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
2988| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
2989| [69846] Apache HBase up to 0.94.8 information disclosure
2990| [69783] Apache CouchDB up to 1.2.0 memory corruption
2991| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
2992| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
2993| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
2994| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
2995| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
2996| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
2997| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
2998| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
2999| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
3000| [69431] Apache Archiva up to 1.3.6 cross site scripting
3001| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
3002| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
3003| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
3004| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
3005| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
3006| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
3007| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
3008| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
3009| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
3010| [66739] Apache Camel up to 2.12.2 unknown vulnerability
3011| [66738] Apache Camel up to 2.12.2 unknown vulnerability
3012| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
3013| [66695] Apache CouchDB up to 1.2.0 cross site scripting
3014| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
3015| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
3016| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
3017| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
3018| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
3019| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
3020| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
3021| [66356] Apache Wicket up to 6.8.0 information disclosure
3022| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
3023| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
3024| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3025| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
3026| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
3027| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
3028| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
3029| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
3030| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
3031| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
3032| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
3033| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
3034| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
3035| [65668] Apache Solr 4.0.0 Updater denial of service
3036| [65665] Apache Solr up to 4.3.0 denial of service
3037| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
3038| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
3039| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
3040| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
3041| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
3042| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
3043| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
3044| [65410] Apache Struts 2.3.15.3 cross site scripting
3045| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
3046| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
3047| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
3048| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
3049| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
3050| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
3051| [65340] Apache Shindig 2.5.0 information disclosure
3052| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
3053| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
3054| [10826] Apache Struts 2 File privilege escalation
3055| [65204] Apache Camel up to 2.10.1 unknown vulnerability
3056| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
3057| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
3058| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
3059| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
3060| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
3061| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
3062| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
3063| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
3064| [64722] Apache XML Security for C++ Heap-based memory corruption
3065| [64719] Apache XML Security for C++ Heap-based memory corruption
3066| [64718] Apache XML Security for C++ verify denial of service
3067| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
3068| [64716] Apache XML Security for C++ spoofing
3069| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
3070| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
3071| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
3072| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
3073| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
3074| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
3075| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
3076| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
3077| [64485] Apache Struts up to 2.2.3.0 privilege escalation
3078| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
3079| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
3080| [64467] Apache Geronimo 3.0 memory corruption
3081| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
3082| [64457] Apache Struts up to 2.2.3.0 cross site scripting
3083| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
3084| [9184] Apache Qpid up to 0.20 SSL misconfiguration
3085| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
3086| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
3087| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
3088| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
3089| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
3090| [8873] Apache Struts 2.3.14 privilege escalation
3091| [8872] Apache Struts 2.3.14 privilege escalation
3092| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3093| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3094| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3095| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3096| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3097| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3098| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3099| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3100| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3101| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3102| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3103| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3104| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3105| [8427] Apache Tomcat Session Transaction weak authentication
3106| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3107| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3108| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3109| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3110| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3111| [63747] Apache Rave up to 0.20 User Account information disclosure
3112| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3113| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3114| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3115| [7687] Apache CXF up to 2.7.2 Token weak authentication
3116| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3117| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3118| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3119| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3120| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3121| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3122| [63090] Apache Tomcat up to 4.1.24 denial of service
3123| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3124| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3125| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3126| [62833] Apache CXF -/2.6.0 spoofing
3127| [62832] Apache Axis2 up to 1.6.2 spoofing
3128| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3129| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3130| [62826] Apache Libcloud up to 0.11.0 spoofing
3131| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3132| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3133| [62661] Apache Axis2 unknown vulnerability
3134| [62658] Apache Axis2 unknown vulnerability
3135| [62467] Apache Qpid up to 0.17 denial of service
3136| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3137| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3138| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3139| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3140| [62035] Apache Struts up to 2.3.4 denial of service
3141| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
3142| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3143| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3144| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3145| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3146| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3147| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3148| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3149| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3150| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3151| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3152| [61229] Apache Sling up to 2.1.1 denial of service
3153| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3154| [61094] Apache Roller up to 5.0 cross site scripting
3155| [61093] Apache Roller up to 5.0 cross site request forgery
3156| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3157| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3158| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
3159| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3160| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3161| [60708] Apache Qpid 0.12 unknown vulnerability
3162| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3163| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3164| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3165| [4882] Apache Wicket up to 1.5.4 directory traversal
3166| [4881] Apache Wicket up to 1.4.19 cross site scripting
3167| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
3168| [60352] Apache Struts up to 2.2.3 memory corruption
3169| [60153] Apache Portable Runtime up to 1.4.3 denial of service
3170| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
3171| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
3172| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
3173| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
3174| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
3175| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
3176| [4571] Apache Struts up to 2.3.1.2 privilege escalation
3177| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
3178| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
3179| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
3180| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
3181| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
3182| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
3183| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3184| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
3185| [59888] Apache Tomcat up to 6.0.6 denial of service
3186| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
3187| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
3188| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
3189| [59850] Apache Geronimo up to 2.2.1 denial of service
3190| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
3191| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
3192| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
3193| [58413] Apache Tomcat up to 6.0.10 spoofing
3194| [58381] Apache Wicket up to 1.4.17 cross site scripting
3195| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
3196| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
3197| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
3198| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
3199| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3200| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
3201| [57568] Apache Archiva up to 1.3.4 cross site scripting
3202| [57567] Apache Archiva up to 1.3.4 cross site request forgery
3203| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
3204| [4355] Apache HTTP Server APR apr_fnmatch denial of service
3205| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
3206| [57425] Apache Struts up to 2.2.1.1 cross site scripting
3207| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
3208| [57025] Apache Tomcat up to 7.0.11 information disclosure
3209| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
3210| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
3211| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3212| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3213| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3214| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3215| [56512] Apache Continuum up to 1.4.0 cross site scripting
3216| [4285] Apache Tomcat 5.x JVM getLocale denial of service
3217| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
3218| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3219| [56441] Apache Tomcat up to 7.0.6 denial of service
3220| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3221| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3222| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3223| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3224| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3225| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3226| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3227| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3228| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3229| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3230| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3231| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3232| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3233| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3234| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3235| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3236| [54012] Apache Tomcat up to 6.0.10 denial of service
3237| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3238| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3239| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3240| [52894] Apache Tomcat up to 6.0.7 information disclosure
3241| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3242| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3243| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3244| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3245| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3246| [52584] Apache CouchDB up to 0.10.1 information disclosure
3247| [51757] Apache HTTP Server 2.0.44 cross site scripting
3248| [51756] Apache HTTP Server 2.0.44 spoofing
3249| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3250| [51690] Apache Tomcat up to 6.0 directory traversal
3251| [51689] Apache Tomcat up to 6.0 information disclosure
3252| [51688] Apache Tomcat up to 6.0 directory traversal
3253| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3254| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3255| [50626] Apache Solr 1.0.0 cross site scripting
3256| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3257| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3258| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3259| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3260| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3261| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3262| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3263| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3264| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3265| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3266| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3267| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3268| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3269| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
3270| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3271| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3272| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3273| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3274| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3275| [47214] Apachefriends xampp 1.6.8 spoofing
3276| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3277| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3278| [47065] Apache Tomcat 4.1.23 cross site scripting
3279| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3280| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3281| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3282| [86625] Apache Struts directory traversal
3283| [44461] Apache Tomcat up to 5.5.0 information disclosure
3284| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3285| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3286| [43663] Apache Tomcat up to 6.0.16 directory traversal
3287| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3288| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3289| [43516] Apache Tomcat up to 4.1.20 directory traversal
3290| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3291| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3292| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3293| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3294| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3295| [40924] Apache Tomcat up to 6.0.15 information disclosure
3296| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3297| [40922] Apache Tomcat up to 6.0 information disclosure
3298| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3299| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3300| [40656] Apache Tomcat 5.5.20 information disclosure
3301| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3302| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3303| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3304| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3305| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3306| [40234] Apache Tomcat up to 6.0.15 directory traversal
3307| [40221] Apache HTTP Server 2.2.6 information disclosure
3308| [40027] David Castro Apache Authcas 0.4 sql injection
3309| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3310| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3311| [3414] Apache Tomcat WebDAV Stored privilege escalation
3312| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3313| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3314| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3315| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3316| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3317| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3318| [38524] Apache Geronimo 2.0 unknown vulnerability
3319| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3320| [38331] Apache Tomcat 4.1.24 information disclosure
3321| [38330] Apache Tomcat 4.1.24 information disclosure
3322| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3323| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3324| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3325| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3326| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3327| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3328| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3329| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3330| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3331| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3332| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3333| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3334| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3335| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3336| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3337| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3338| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3339| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3340| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3341| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3342| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3343| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3344| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3345| [34252] Apache HTTP Server denial of service
3346| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3347| [33877] Apache Opentaps 0.9.3 cross site scripting
3348| [33876] Apache Open For Business Project unknown vulnerability
3349| [33875] Apache Open For Business Project cross site scripting
3350| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3351| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3352|
3353| MITRE CVE - https://cve.mitre.org:
3354| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3355| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3356| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3357| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3358| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3359| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3360| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3361| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3362| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3363| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3364| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3365| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3366| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3367| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3368| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3369| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3370| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3371| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3372| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3373| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3374| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3375| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3376| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3377| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3378| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3379| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3380| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3381| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3382| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3383| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3384| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3385| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3386| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3387| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3388| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3389| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3390| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3391| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3392| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3393| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3394| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3395| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3396| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3397| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3398| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3399| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3400| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3401| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3402| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3403| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3404| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3405| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3406| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3407| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3408| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3409| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3410| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3411| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3412| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3413| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3414| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3415| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3416| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3417| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3418| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3419| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3420| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3421| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3422| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3423| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3424| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3425| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3426| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3427| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3428| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3429| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3430| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3431| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3432| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3433| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3434| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3435| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3436| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3437| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3438| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3439| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3440| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3441| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3442| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3443| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3444| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3445| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3446| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3447| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3448| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3449| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3450| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3451| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3452| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3453| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3454| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3455| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3456| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3457| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3458| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3459| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3460| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3461| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3462| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3463| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3464| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3465| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3466| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3467| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3468| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3469| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3470| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3471| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3472| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3473| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3474| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3475| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3476| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3477| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3478| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3479| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3480| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3481| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3482| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3483| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3484| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3485| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3486| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3487| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3488| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3489| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3490| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3491| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3492| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3493| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3494| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3495| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3496| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3497| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3498| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3499| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3500| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3501| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3502| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3503| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3504| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3505| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3506| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3507| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3508| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3509| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3510| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3511| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3512| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3513| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3514| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3515| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3516| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3517| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3518| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3519| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3520| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3521| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3522| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3523| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3524| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3525| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3526| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3527| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3528| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3529| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3530| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3531| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3532| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3533| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3534| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3535| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3536| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3537| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3538| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3539| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3540| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3541| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3542| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3543| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3544| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3545| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3546| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3547| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3548| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3549| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3550| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3551| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3552| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3553| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3554| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3555| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3556| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3557| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3558| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3559| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3560| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3561| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3562| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3563| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3564| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3565| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3566| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3567| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3568| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3569| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3570| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3571| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3572| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3573| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3574| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3575| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3576| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3577| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3578| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3579| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3580| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3581| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3582| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3583| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3584| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3585| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3586| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3587| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3588| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3589| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3590| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3591| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3592| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3593| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3594| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3595| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3596| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3597| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3598| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3599| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3600| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3601| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3602| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3603| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3604| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3605| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3606| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3607| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3608| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3609| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3610| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3611| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3612| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3613| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3614| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3615| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3616| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3617| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3618| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3619| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3620| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3621| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3622| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3623| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3624| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3625| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3626| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3627| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3628| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3629| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3630| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3631| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3632| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3633| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3634| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3635| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3636| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3637| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3638| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3639| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3640| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3641| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3642| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3643| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3644| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3645| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3646| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3647| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3648| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3649| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3650| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3651| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3652| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3653| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3654| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3655| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3656| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3657| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3658| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3659| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3660| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3661| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3662| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3663| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3664| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3665| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3666| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3667| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3668| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3669| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3670| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3671| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3672| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3673| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3674| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3675| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3676| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3677| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3678| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3679| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3680| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3681| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3682| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3683| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3684| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3685| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3686| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3687| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3688| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3689| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3690| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3691| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3692| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3693| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3694| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3695| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3696| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3697| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3698| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3699| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3700| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3701| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3702| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3703| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3704| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3705| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3706| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3707| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3708| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3709| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3710| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3711| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3712| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3713| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3714| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3715| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3716| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3717| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3718| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3719| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3720| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3721| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3722| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3723| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3724| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3725| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3726| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3727| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3728| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3729| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3730| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
3731| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3732| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3733| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3734| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3735| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3736| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3737| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3738| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3739| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3740| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3741| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3742| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3743| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3744| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3745| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3746| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3747| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3748| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3749| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3750| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3751| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3752| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3753| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3754| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3755| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3756| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3757| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3758| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3759| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3760| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3761| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3762| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3763| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3764| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3765| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3766| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3767| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3768| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3769| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3770| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3771| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3772| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3773| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3774| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3775| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3776| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3777| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3778| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3779| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3780| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3781| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3782| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3783| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3784| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3785| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3786| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3787| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3788| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3789| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3790| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3791| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3792| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3793| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3794| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3795| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3796| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3797| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3798| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3799| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3800| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3801| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3802| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3803| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3804| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3805| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3806| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3807| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3808| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3809| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3810| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3811| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3812| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3813| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3814| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3815| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3816| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3817| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3818| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3819| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3820| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3821| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3822| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3823| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3824| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3825| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3826| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3827| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3828| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3829| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3830| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3831| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3832| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3833| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3834| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3835| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3836| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3837| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3838| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3839| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3840| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3841| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3842| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3843| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3844| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3845| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3846| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3847| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
3848| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3849| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3850| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3851| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3852| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3853| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3854| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3855| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3856| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3857| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3858| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3859| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3860| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3861| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3862| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3863| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3864| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3865| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3866| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3867| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3868| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3869| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3870| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3871| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3872| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3873| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3874| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3875| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3876| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3877| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3878| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3879| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3880| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3881| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3882| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3883| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3884| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3885| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3886| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3887| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3888| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3889| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3890| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3891| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3892| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3893| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3894| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3895| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3896| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3897| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3898| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3899| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3900| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3901| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3902| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3903| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3904| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3905| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3906| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3907| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3908| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3909| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3910| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3911| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3912| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3913| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3914| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3915| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3916| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3917| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3918| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3919| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3920| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3921| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3922| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3923| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3924| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3925| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3926| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3927| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3928| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3929| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3930| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3931| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3932| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3933| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3934| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3935| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3936| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3937| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3938| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
3939| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3940| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3941| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3942| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3943| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3944| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
3945| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3946| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3947| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3948| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3949| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3950| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3951| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3952| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3953| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3954| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3955| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3956| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3957| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3958| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3959| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3960| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3961| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3962| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3963|
3964| SecurityFocus - https://www.securityfocus.com/bid/:
3965| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3966| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3967| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3968| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3969| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3970| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3971| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3972| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3973| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3974| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3975| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3976| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3977| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3978| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3979| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3980| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3981| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3982| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3983| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3984| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3985| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3986| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3987| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3988| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3989| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3990| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3991| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3992| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3993| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3994| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3995| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3996| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3997| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3998| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3999| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4000| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4001| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4002| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4003| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4004| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4005| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4006| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4007| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4008| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4009| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4010| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4011| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4012| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4013| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4014| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4015| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4016| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4017| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4018| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4019| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4020| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4021| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4022| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4023| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4024| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4025| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4026| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4027| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4028| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4029| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4030| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4031| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4032| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4033| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4034| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4035| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4036| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4037| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4038| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4039| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4040| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4041| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4042| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4043| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4044| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4045| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4046| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4047| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4048| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4049| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4050| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4051| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4052| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4053| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4054| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4055| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4056| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4057| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4058| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4059| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4060| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4061| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4062| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4063| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4064| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4065| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4066| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4067| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4068| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4069| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4070| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4071| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4072| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4073| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4074| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4075| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4076| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4077| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4078| [100447] Apache2Triad Multiple Security Vulnerabilities
4079| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4080| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4081| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4082| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4083| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4084| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4085| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4086| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4087| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4088| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4089| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4090| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4091| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4092| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4093| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4094| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4095| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4096| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4097| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4098| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4099| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4100| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4101| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4102| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4103| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4104| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4105| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4106| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4107| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4108| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4109| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4110| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4111| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4112| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4113| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4114| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4115| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4116| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4117| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4118| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
4119| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
4120| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
4121| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
4122| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
4123| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
4124| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
4125| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
4126| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
4127| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
4128| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
4129| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
4130| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
4131| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
4132| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
4133| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
4134| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
4135| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
4136| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
4137| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
4138| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
4139| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
4140| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
4141| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
4142| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
4143| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
4144| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
4145| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
4146| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
4147| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
4148| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
4149| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
4150| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
4151| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
4152| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
4153| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
4154| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
4155| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
4156| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
4157| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
4158| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
4159| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
4160| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
4161| [95675] Apache Struts Remote Code Execution Vulnerability
4162| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
4163| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
4164| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
4165| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
4166| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
4167| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
4168| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
4169| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
4170| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
4171| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
4172| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
4173| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
4174| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
4175| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
4176| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
4177| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
4178| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
4179| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
4180| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
4181| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
4182| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
4183| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
4184| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
4185| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
4186| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
4187| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
4188| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
4189| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
4190| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
4191| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
4192| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
4193| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
4194| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
4195| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
4196| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
4197| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
4198| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
4199| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
4200| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
4201| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
4202| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
4203| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
4204| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
4205| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
4206| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
4207| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
4208| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
4209| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
4210| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
4211| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
4212| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
4213| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
4214| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
4215| [91736] Apache XML-RPC Multiple Security Vulnerabilities
4216| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
4217| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
4218| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
4219| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
4220| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
4221| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
4222| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
4223| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
4224| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
4225| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
4226| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
4227| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
4228| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
4229| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
4230| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
4231| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
4232| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
4233| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
4234| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
4235| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
4236| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
4237| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
4238| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
4239| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
4240| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
4241| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
4242| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
4243| [90482] Apache CVE-2004-1387 Local Security Vulnerability
4244| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
4245| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
4246| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
4247| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
4248| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
4249| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
4250| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
4251| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
4252| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
4253| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
4254| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
4255| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
4256| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
4257| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
4258| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
4259| [86399] Apache CVE-2007-1743 Local Security Vulnerability
4260| [86397] Apache CVE-2007-1742 Local Security Vulnerability
4261| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
4262| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
4263| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
4264| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
4265| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
4266| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
4267| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
4268| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
4269| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
4270| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
4271| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
4272| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
4273| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
4274| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
4275| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
4276| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
4277| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
4278| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
4279| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
4280| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
4281| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
4282| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
4283| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
4284| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
4285| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
4286| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
4287| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
4288| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
4289| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
4290| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
4291| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
4292| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
4293| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
4294| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
4295| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
4296| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
4297| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
4298| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
4299| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
4300| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
4301| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
4302| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
4303| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
4304| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
4305| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
4306| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
4307| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
4308| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
4309| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
4310| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
4311| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
4312| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
4313| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
4314| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
4315| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
4316| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
4317| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
4318| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
4319| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
4320| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
4321| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
4322| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
4323| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
4324| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
4325| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
4326| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
4327| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
4328| [76933] Apache James Server Unspecified Command Execution Vulnerability
4329| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
4330| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
4331| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
4332| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
4333| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
4334| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
4335| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
4336| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
4337| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
4338| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
4339| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
4340| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
4341| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
4342| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
4343| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
4344| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
4345| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
4346| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
4347| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
4348| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
4349| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
4350| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
4351| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
4352| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
4353| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
4354| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
4355| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
4356| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
4357| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
4358| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
4359| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
4360| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
4361| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
4362| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
4363| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
4364| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
4365| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
4366| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
4367| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
4368| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
4369| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
4370| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
4371| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
4372| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
4373| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
4374| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
4375| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
4376| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
4377| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
4378| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
4379| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
4380| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
4381| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
4382| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
4383| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
4384| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
4385| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
4386| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
4387| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
4388| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
4389| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
4390| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
4391| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
4392| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
4393| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
4394| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
4395| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
4396| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
4397| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
4398| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
4399| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
4400| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
4401| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
4402| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
4403| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
4404| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
4405| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
4406| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
4407| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
4408| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
4409| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
4410| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
4411| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
4412| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
4413| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
4414| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
4415| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
4416| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
4417| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
4418| [68229] Apache Harmony PRNG Entropy Weakness
4419| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
4420| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
4421| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
4422| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
4423| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
4424| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
4425| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
4426| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
4427| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
4428| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
4429| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
4430| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
4431| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
4432| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
4433| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
4434| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
4435| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
4436| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
4437| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
4438| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
4439| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
4440| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
4441| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
4442| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
4443| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
4444| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
4445| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
4446| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
4447| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
4448| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
4449| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
4450| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
4451| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
4452| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
4453| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
4454| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
4455| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
4456| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
4457| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
4458| [64780] Apache CloudStack Unauthorized Access Vulnerability
4459| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
4460| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
4461| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
4462| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
4463| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
4464| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
4465| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
4466| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
4467| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
4468| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
4469| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
4470| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4471| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
4472| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
4473| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
4474| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
4475| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
4476| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
4477| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
4478| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
4479| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
4480| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
4481| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
4482| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
4483| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
4484| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
4485| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
4486| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
4487| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
4488| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
4489| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
4490| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
4491| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
4492| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
4493| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
4494| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
4495| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
4496| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
4497| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
4498| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
4499| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
4500| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
4501| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
4502| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
4503| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
4504| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
4505| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
4506| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
4507| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
4508| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
4509| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
4510| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
4511| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
4512| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
4513| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
4514| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
4515| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
4516| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
4517| [59670] Apache VCL Multiple Input Validation Vulnerabilities
4518| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
4519| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
4520| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
4521| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
4522| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
4523| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
4524| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
4525| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
4526| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
4527| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
4528| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
4529| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
4530| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
4531| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
4532| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
4533| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
4534| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
4535| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
4536| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
4537| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
4538| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
4539| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
4540| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
4541| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
4542| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4543| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4544| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4545| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4546| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
4547| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4548| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4549| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
4550| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4551| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4552| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4553| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4554| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4555| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4556| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4557| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4558| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
4559| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
4560| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
4561| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
4562| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
4563| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
4564| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
4565| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
4566| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
4567| [54798] Apache Libcloud Man In The Middle Vulnerability
4568| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
4569| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
4570| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
4571| [54189] Apache Roller Cross Site Request Forgery Vulnerability
4572| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
4573| [53880] Apache CXF Child Policies Security Bypass Vulnerability
4574| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
4575| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
4576| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
4577| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
4578| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
4579| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
4580| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
4581| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
4582| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
4583| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
4584| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4585| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
4586| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
4587| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
4588| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
4589| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
4590| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
4591| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
4592| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
4593| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
4594| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4595| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4596| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
4597| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
4598| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
4599| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
4600| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
4601| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
4602| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
4603| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
4604| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
4605| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
4606| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
4607| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
4608| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4609| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4610| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
4611| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
4612| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4613| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
4614| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
4615| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
4616| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
4617| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
4618| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
4619| [49290] Apache Wicket Cross Site Scripting Vulnerability
4620| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
4621| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
4622| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
4623| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
4624| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
4625| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
4626| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
4627| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4628| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
4629| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
4630| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
4631| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
4632| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
4633| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
4634| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
4635| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
4636| [46953] Apache MPM-ITK Module Security Weakness
4637| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
4638| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
4639| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4640| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
4641| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
4642| [46166] Apache Tomcat JVM Denial of Service Vulnerability
4643| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4644| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4645| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4646| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4647| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4648| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4649| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4650| [44616] Apache Shiro Directory Traversal Vulnerability
4651| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4652| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4653| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4654| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4655| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4656| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4657| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4658| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4659| [42492] Apache CXF XML DTD Processing Security Vulnerability
4660| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4661| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4662| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4663| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4664| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4665| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4666| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4667| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4668| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4669| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4670| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4671| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4672| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4673| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4674| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4675| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4676| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4677| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4678| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4679| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4680| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4681| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4682| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4683| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4684| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4685| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4686| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4687| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4688| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4689| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4690| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4691| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4692| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4693| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4694| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4695| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4696| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4697| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4698| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4699| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4700| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4701| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4702| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4703| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4704| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4705| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4706| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4707| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4708| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4709| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4710| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4711| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4712| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4713| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4714| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4715| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4716| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4717| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4718| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4719| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4720| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4721| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4722| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4723| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4724| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4725| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4726| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4727| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4728| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4729| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4730| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4731| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4732| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4733| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4734| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4735| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4736| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4737| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4738| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4739| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4740| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4741| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4742| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4743| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4744| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4745| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4746| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4747| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4748| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4749| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4750| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4751| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4752| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4753| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4754| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4755| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4756| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4757| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4758| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4759| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4760| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4761| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4762| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4763| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4764| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4765| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4766| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4767| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4768| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4769| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4770| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4771| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4772| [20527] Apache Mod_TCL Remote Format String Vulnerability
4773| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4774| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4775| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4776| [19106] Apache Tomcat Information Disclosure Vulnerability
4777| [18138] Apache James SMTP Denial Of Service Vulnerability
4778| [17342] Apache Struts Multiple Remote Vulnerabilities
4779| [17095] Apache Log4Net Denial Of Service Vulnerability
4780| [16916] Apache mod_python FileSession Code Execution Vulnerability
4781| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4782| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4783| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4784| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4785| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4786| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4787| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4788| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4789| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4790| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4791| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4792| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4793| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4794| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4795| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4796| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4797| [14106] Apache HTTP Request Smuggling Vulnerability
4798| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4799| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4800| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4801| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4802| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4803| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4804| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4805| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4806| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4807| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4808| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4809| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4810| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4811| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4812| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4813| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4814| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4815| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4816| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4817| [11094] Apache mod_ssl Denial Of Service Vulnerability
4818| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4819| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4820| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4821| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4822| [10478] ClueCentral Apache Suexec Patch Security Weakness
4823| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4824| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4825| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4826| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4827| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4828| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4829| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4830| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4831| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4832| [9733] Apache Cygwin Directory Traversal Vulnerability
4833| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4834| [9590] Apache-SSL Client Certificate Forging Vulnerability
4835| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4836| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4837| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4838| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4839| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4840| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4841| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4842| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4843| [8898] Red Hat Apache Directory Index Default Configuration Error
4844| [8883] Apache Cocoon Directory Traversal Vulnerability
4845| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4846| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4847| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4848| [8707] Apache htpasswd Password Entropy Weakness
4849| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4850| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4851| [8226] Apache HTTP Server Multiple Vulnerabilities
4852| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4853| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4854| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4855| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4856| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4857| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4858| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4859| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4860| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4861| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4862| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4863| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4864| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4865| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4866| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4867| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4868| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4869| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4870| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4871| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4872| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4873| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4874| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4875| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4876| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4877| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4878| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4879| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4880| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4881| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4882| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4883| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4884| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4885| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4886| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4887| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4888| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4889| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4890| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4891| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4892| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4893| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4894| [5485] Apache 2.0 Path Disclosure Vulnerability
4895| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4896| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4897| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4898| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4899| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4900| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4901| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4902| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4903| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4904| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4905| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4906| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4907| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4908| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4909| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4910| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4911| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4912| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4913| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4914| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4915| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4916| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4917| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4918| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4919| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4920| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4921| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4922| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4923| [3596] Apache Split-Logfile File Append Vulnerability
4924| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4925| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4926| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4927| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4928| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4929| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4930| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4931| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4932| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4933| [3169] Apache Server Address Disclosure Vulnerability
4934| [3009] Apache Possible Directory Index Disclosure Vulnerability
4935| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4936| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4937| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4938| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4939| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4940| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4941| [2216] Apache Web Server DoS Vulnerability
4942| [2182] Apache /tmp File Race Vulnerability
4943| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4944| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4945| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4946| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4947| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4948| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4949| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4950| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4951| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4952| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4953| [1457] Apache::ASP source.asp Example Script Vulnerability
4954| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4955| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4956|
4957| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4958| [86258] Apache CloudStack text fields cross-site scripting
4959| [85983] Apache Subversion mod_dav_svn module denial of service
4960| [85875] Apache OFBiz UEL code execution
4961| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4962| [85871] Apache HTTP Server mod_session_dbd unspecified
4963| [85756] Apache Struts OGNL expression command execution
4964| [85755] Apache Struts DefaultActionMapper class open redirect
4965| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4966| [85574] Apache HTTP Server mod_dav denial of service
4967| [85573] Apache Struts Showcase App OGNL code execution
4968| [85496] Apache CXF denial of service
4969| [85423] Apache Geronimo RMI classloader code execution
4970| [85326] Apache Santuario XML Security for C++ buffer overflow
4971| [85323] Apache Santuario XML Security for Java spoofing
4972| [85319] Apache Qpid Python client SSL spoofing
4973| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4974| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4975| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4976| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4977| [84952] Apache Tomcat CVE-2012-3544 denial of service
4978| [84763] Apache Struts CVE-2013-2135 security bypass
4979| [84762] Apache Struts CVE-2013-2134 security bypass
4980| [84719] Apache Subversion CVE-2013-2088 command execution
4981| [84718] Apache Subversion CVE-2013-2112 denial of service
4982| [84717] Apache Subversion CVE-2013-1968 denial of service
4983| [84577] Apache Tomcat security bypass
4984| [84576] Apache Tomcat symlink
4985| [84543] Apache Struts CVE-2013-2115 security bypass
4986| [84542] Apache Struts CVE-2013-1966 security bypass
4987| [84154] Apache Tomcat session hijacking
4988| [84144] Apache Tomcat denial of service
4989| [84143] Apache Tomcat information disclosure
4990| [84111] Apache HTTP Server command execution
4991| [84043] Apache Virtual Computing Lab cross-site scripting
4992| [84042] Apache Virtual Computing Lab cross-site scripting
4993| [83782] Apache CloudStack information disclosure
4994| [83781] Apache CloudStack security bypass
4995| [83720] Apache ActiveMQ cross-site scripting
4996| [83719] Apache ActiveMQ denial of service
4997| [83718] Apache ActiveMQ denial of service
4998| [83263] Apache Subversion denial of service
4999| [83262] Apache Subversion denial of service
5000| [83261] Apache Subversion denial of service
5001| [83259] Apache Subversion denial of service
5002| [83035] Apache mod_ruid2 security bypass
5003| [82852] Apache Qpid federation_tag security bypass
5004| [82851] Apache Qpid qpid::framing::Buffer denial of service
5005| [82758] Apache Rave User RPC API information disclosure
5006| [82663] Apache Subversion svn_fs_file_length() denial of service
5007| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
5008| [82641] Apache Qpid AMQP denial of service
5009| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
5010| [82618] Apache Commons FileUpload symlink
5011| [82360] Apache HTTP Server manager interface cross-site scripting
5012| [82359] Apache HTTP Server hostnames cross-site scripting
5013| [82338] Apache Tomcat log/logdir information disclosure
5014| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
5015| [82268] Apache OpenJPA deserialization command execution
5016| [81981] Apache CXF UsernameTokens security bypass
5017| [81980] Apache CXF WS-Security security bypass
5018| [81398] Apache OFBiz cross-site scripting
5019| [81240] Apache CouchDB directory traversal
5020| [81226] Apache CouchDB JSONP code execution
5021| [81225] Apache CouchDB Futon user interface cross-site scripting
5022| [81211] Apache Axis2/C SSL spoofing
5023| [81167] Apache CloudStack DeployVM information disclosure
5024| [81166] Apache CloudStack AddHost API information disclosure
5025| [81165] Apache CloudStack createSSHKeyPair API information disclosure
5026| [80518] Apache Tomcat cross-site request forgery security bypass
5027| [80517] Apache Tomcat FormAuthenticator security bypass
5028| [80516] Apache Tomcat NIO denial of service
5029| [80408] Apache Tomcat replay-countermeasure security bypass
5030| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
5031| [80317] Apache Tomcat slowloris denial of service
5032| [79984] Apache Commons HttpClient SSL spoofing
5033| [79983] Apache CXF SSL spoofing
5034| [79830] Apache Axis2/Java SSL spoofing
5035| [79829] Apache Axis SSL spoofing
5036| [79809] Apache Tomcat DIGEST security bypass
5037| [79806] Apache Tomcat parseHeaders() denial of service
5038| [79540] Apache OFBiz unspecified
5039| [79487] Apache Axis2 SAML security bypass
5040| [79212] Apache Cloudstack code execution
5041| [78734] Apache CXF SOAP Action security bypass
5042| [78730] Apache Qpid broker denial of service
5043| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
5044| [78563] Apache mod_pagespeed module unspecified cross-site scripting
5045| [78562] Apache mod_pagespeed module security bypass
5046| [78454] Apache Axis2 security bypass
5047| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
5048| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
5049| [78321] Apache Wicket unspecified cross-site scripting
5050| [78183] Apache Struts parameters denial of service
5051| [78182] Apache Struts cross-site request forgery
5052| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
5053| [77987] mod_rpaf module for Apache denial of service
5054| [77958] Apache Struts skill name code execution
5055| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
5056| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
5057| [77568] Apache Qpid broker security bypass
5058| [77421] Apache Libcloud spoofing
5059| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
5060| [77046] Oracle Solaris Apache HTTP Server information disclosure
5061| [76837] Apache Hadoop information disclosure
5062| [76802] Apache Sling CopyFrom denial of service
5063| [76692] Apache Hadoop symlink
5064| [76535] Apache Roller console cross-site request forgery
5065| [76534] Apache Roller weblog cross-site scripting
5066| [76152] Apache CXF elements security bypass
5067| [76151] Apache CXF child policies security bypass
5068| [75983] MapServer for Windows Apache file include
5069| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
5070| [75558] Apache POI denial of service
5071| [75545] PHP apache_request_headers() buffer overflow
5072| [75302] Apache Qpid SASL security bypass
5073| [75211] Debian GNU/Linux apache 2 cross-site scripting
5074| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
5075| [74871] Apache OFBiz FlexibleStringExpander code execution
5076| [74870] Apache OFBiz multiple cross-site scripting
5077| [74750] Apache Hadoop unspecified spoofing
5078| [74319] Apache Struts XSLTResult.java file upload
5079| [74313] Apache Traffic Server header buffer overflow
5080| [74276] Apache Wicket directory traversal
5081| [74273] Apache Wicket unspecified cross-site scripting
5082| [74181] Apache HTTP Server mod_fcgid module denial of service
5083| [73690] Apache Struts OGNL code execution
5084| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
5085| [73100] Apache MyFaces in directory traversal
5086| [73096] Apache APR hash denial of service
5087| [73052] Apache Struts name cross-site scripting
5088| [73030] Apache CXF UsernameToken security bypass
5089| [72888] Apache Struts lastName cross-site scripting
5090| [72758] Apache HTTP Server httpOnly information disclosure
5091| [72757] Apache HTTP Server MPM denial of service
5092| [72585] Apache Struts ParameterInterceptor security bypass
5093| [72438] Apache Tomcat Digest security bypass
5094| [72437] Apache Tomcat Digest security bypass
5095| [72436] Apache Tomcat DIGEST security bypass
5096| [72425] Apache Tomcat parameter denial of service
5097| [72422] Apache Tomcat request object information disclosure
5098| [72377] Apache HTTP Server scoreboard security bypass
5099| [72345] Apache HTTP Server HTTP request denial of service
5100| [72229] Apache Struts ExceptionDelegator command execution
5101| [72089] Apache Struts ParameterInterceptor directory traversal
5102| [72088] Apache Struts CookieInterceptor command execution
5103| [72047] Apache Geronimo hash denial of service
5104| [72016] Apache Tomcat hash denial of service
5105| [71711] Apache Struts OGNL expression code execution
5106| [71654] Apache Struts interfaces security bypass
5107| [71620] Apache ActiveMQ failover denial of service
5108| [71617] Apache HTTP Server mod_proxy module information disclosure
5109| [71508] Apache MyFaces EL security bypass
5110| [71445] Apache HTTP Server mod_proxy security bypass
5111| [71203] Apache Tomcat servlets privilege escalation
5112| [71181] Apache HTTP Server ap_pregsub() denial of service
5113| [71093] Apache HTTP Server ap_pregsub() buffer overflow
5114| [70336] Apache HTTP Server mod_proxy information disclosure
5115| [69804] Apache HTTP Server mod_proxy_ajp denial of service
5116| [69472] Apache Tomcat AJP security bypass
5117| [69396] Apache HTTP Server ByteRange filter denial of service
5118| [69394] Apache Wicket multi window support cross-site scripting
5119| [69176] Apache Tomcat XML information disclosure
5120| [69161] Apache Tomcat jsvc information disclosure
5121| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
5122| [68541] Apache Tomcat sendfile information disclosure
5123| [68420] Apache XML Security denial of service
5124| [68238] Apache Tomcat JMX information disclosure
5125| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
5126| [67804] Apache Subversion control rules information disclosure
5127| [67803] Apache Subversion control rules denial of service
5128| [67802] Apache Subversion baselined denial of service
5129| [67672] Apache Archiva multiple cross-site scripting
5130| [67671] Apache Archiva multiple cross-site request forgery
5131| [67564] Apache APR apr_fnmatch() denial of service
5132| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
5133| [67515] Apache Tomcat annotations security bypass
5134| [67480] Apache Struts s:submit information disclosure
5135| [67414] Apache APR apr_fnmatch() denial of service
5136| [67356] Apache Struts javatemplates cross-site scripting
5137| [67354] Apache Struts Xwork cross-site scripting
5138| [66676] Apache Tomcat HTTP BIO information disclosure
5139| [66675] Apache Tomcat web.xml security bypass
5140| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
5141| [66241] Apache HttpComponents information disclosure
5142| [66154] Apache Tomcat ServletSecurity security bypass
5143| [65971] Apache Tomcat ServletSecurity security bypass
5144| [65876] Apache Subversion mod_dav_svn denial of service
5145| [65343] Apache Continuum unspecified cross-site scripting
5146| [65162] Apache Tomcat NIO connector denial of service
5147| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
5148| [65160] Apache Tomcat HTML Manager interface cross-site scripting
5149| [65159] Apache Tomcat ServletContect security bypass
5150| [65050] Apache CouchDB web-based administration UI cross-site scripting
5151| [64773] Oracle HTTP Server Apache Plugin unauthorized access
5152| [64473] Apache Subversion blame -g denial of service
5153| [64472] Apache Subversion walk() denial of service
5154| [64407] Apache Axis2 CVE-2010-0219 code execution
5155| [63926] Apache Archiva password privilege escalation
5156| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
5157| [63493] Apache Archiva credentials cross-site request forgery
5158| [63477] Apache Tomcat HttpOnly session hijacking
5159| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
5160| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
5161| [62959] Apache Shiro filters security bypass
5162| [62790] Apache Perl cgi module denial of service
5163| [62576] Apache Qpid exchange denial of service
5164| [62575] Apache Qpid AMQP denial of service
5165| [62354] Apache Qpid SSL denial of service
5166| [62235] Apache APR-util apr_brigade_split_line() denial of service
5167| [62181] Apache XML-RPC SAX Parser information disclosure
5168| [61721] Apache Traffic Server cache poisoning
5169| [61202] Apache Derby BUILTIN authentication functionality information disclosure
5170| [61186] Apache CouchDB Futon cross-site request forgery
5171| [61169] Apache CXF DTD denial of service
5172| [61070] Apache Jackrabbit search.jsp SQL injection
5173| [61006] Apache SLMS Quoting cross-site request forgery
5174| [60962] Apache Tomcat time cross-site scripting
5175| [60883] Apache mod_proxy_http information disclosure
5176| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
5177| [60264] Apache Tomcat Transfer-Encoding denial of service
5178| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
5179| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
5180| [59413] Apache mod_proxy_http timeout information disclosure
5181| [59058] Apache MyFaces unencrypted view state cross-site scripting
5182| [58827] Apache Axis2 xsd file include
5183| [58790] Apache Axis2 modules cross-site scripting
5184| [58299] Apache ActiveMQ queueBrowse cross-site scripting
5185| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
5186| [58056] Apache ActiveMQ .jsp source code disclosure
5187| [58055] Apache Tomcat realm name information disclosure
5188| [58046] Apache HTTP Server mod_auth_shadow security bypass
5189| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
5190| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
5191| [57429] Apache CouchDB algorithms information disclosure
5192| [57398] Apache ActiveMQ Web console cross-site request forgery
5193| [57397] Apache ActiveMQ createDestination.action cross-site scripting
5194| [56653] Apache HTTP Server DNS spoofing
5195| [56652] Apache HTTP Server DNS cross-site scripting
5196| [56625] Apache HTTP Server request header information disclosure
5197| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
5198| [56623] Apache HTTP Server mod_proxy_ajp denial of service
5199| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
5200| [55857] Apache Tomcat WAR files directory traversal
5201| [55856] Apache Tomcat autoDeploy attribute security bypass
5202| [55855] Apache Tomcat WAR directory traversal
5203| [55210] Intuit component for Joomla! Apache information disclosure
5204| [54533] Apache Tomcat 404 error page cross-site scripting
5205| [54182] Apache Tomcat admin default password
5206| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
5207| [53666] Apache HTTP Server Solaris pollset support denial of service
5208| [53650] Apache HTTP Server HTTP basic-auth module security bypass
5209| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
5210| [53041] mod_proxy_ftp module for Apache denial of service
5211| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
5212| [51953] Apache Tomcat Path Disclosure
5213| [51952] Apache Tomcat Path Traversal
5214| [51951] Apache stronghold-status Information Disclosure
5215| [51950] Apache stronghold-info Information Disclosure
5216| [51949] Apache PHP Source Code Disclosure
5217| [51948] Apache Multiviews Attack
5218| [51946] Apache JServ Environment Status Information Disclosure
5219| [51945] Apache error_log Information Disclosure
5220| [51944] Apache Default Installation Page Pattern Found
5221| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
5222| [51942] Apache AXIS XML External Entity File Retrieval
5223| [51941] Apache AXIS Sample Servlet Information Leak
5224| [51940] Apache access_log Information Disclosure
5225| [51626] Apache mod_deflate denial of service
5226| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
5227| [51365] Apache Tomcat RequestDispatcher security bypass
5228| [51273] Apache HTTP Server Incomplete Request denial of service
5229| [51195] Apache Tomcat XML information disclosure
5230| [50994] Apache APR-util xml/apr_xml.c denial of service
5231| [50993] Apache APR-util apr_brigade_vprintf denial of service
5232| [50964] Apache APR-util apr_strmatch_precompile() denial of service
5233| [50930] Apache Tomcat j_security_check information disclosure
5234| [50928] Apache Tomcat AJP denial of service
5235| [50884] Apache HTTP Server XML ENTITY denial of service
5236| [50808] Apache HTTP Server AllowOverride privilege escalation
5237| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
5238| [50059] Apache mod_proxy_ajp information disclosure
5239| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
5240| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
5241| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
5242| [49921] Apache ActiveMQ Web interface cross-site scripting
5243| [49898] Apache Geronimo Services/Repository directory traversal
5244| [49725] Apache Tomcat mod_jk module information disclosure
5245| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
5246| [49712] Apache Struts unspecified cross-site scripting
5247| [49213] Apache Tomcat cal2.jsp cross-site scripting
5248| [48934] Apache Tomcat POST doRead method information disclosure
5249| [48211] Apache Tomcat header HTTP request smuggling
5250| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
5251| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
5252| [47709] Apache Roller "
5253| [47104] Novell Netware ApacheAdmin console security bypass
5254| [47086] Apache HTTP Server OS fingerprinting unspecified
5255| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
5256| [45791] Apache Tomcat RemoteFilterValve security bypass
5257| [44435] Oracle WebLogic Apache Connector buffer overflow
5258| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
5259| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
5260| [44156] Apache Tomcat RequestDispatcher directory traversal
5261| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
5262| [43885] Oracle WebLogic Server Apache Connector buffer overflow
5263| [42987] Apache HTTP Server mod_proxy module denial of service
5264| [42915] Apache Tomcat JSP files path disclosure
5265| [42914] Apache Tomcat MS-DOS path disclosure
5266| [42892] Apache Tomcat unspecified unauthorized access
5267| [42816] Apache Tomcat Host Manager cross-site scripting
5268| [42303] Apache 403 error cross-site scripting
5269| [41618] Apache-SSL ExpandCert() authentication bypass
5270| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
5271| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
5272| [40614] Apache mod_jk2 HTTP Host header buffer overflow
5273| [40562] Apache Geronimo init information disclosure
5274| [40478] Novell Web Manager webadmin-apache.conf security bypass
5275| [40411] Apache Tomcat exception handling information disclosure
5276| [40409] Apache Tomcat native (APR based) connector weak security
5277| [40403] Apache Tomcat quotes and %5C cookie information disclosure
5278| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
5279| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
5280| [39867] Apache HTTP Server mod_negotiation cross-site scripting
5281| [39804] Apache Tomcat SingleSignOn information disclosure
5282| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
5283| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5284| [39608] Apache HTTP Server balancer manager cross-site request forgery
5285| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5286| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5287| [39472] Apache HTTP Server mod_status cross-site scripting
5288| [39201] Apache Tomcat JULI logging weak security
5289| [39158] Apache HTTP Server Windows SMB shares information disclosure
5290| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5291| [38951] Apache::AuthCAS Perl module cookie SQL injection
5292| [38800] Apache HTTP Server 413 error page cross-site scripting
5293| [38211] Apache Geronimo SQLLoginModule authentication bypass
5294| [37243] Apache Tomcat WebDAV directory traversal
5295| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5296| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5297| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5298| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5299| [36782] Apache Geronimo MEJB unauthorized access
5300| [36586] Apache HTTP Server UTF-7 cross-site scripting
5301| [36468] Apache Geronimo LoginModule security bypass
5302| [36467] Apache Tomcat functions.jsp cross-site scripting
5303| [36402] Apache Tomcat calendar cross-site request forgery
5304| [36354] Apache HTTP Server mod_proxy module denial of service
5305| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5306| [36336] Apache Derby lock table privilege escalation
5307| [36335] Apache Derby schema privilege escalation
5308| [36006] Apache Tomcat "
5309| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5310| [35999] Apache Tomcat \"
5311| [35795] Apache Tomcat CookieExample cross-site scripting
5312| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5313| [35384] Apache HTTP Server mod_cache module denial of service
5314| [35097] Apache HTTP Server mod_status module cross-site scripting
5315| [35095] Apache HTTP Server Prefork MPM module denial of service
5316| [34984] Apache HTTP Server recall_headers information disclosure
5317| [34966] Apache HTTP Server MPM content spoofing
5318| [34965] Apache HTTP Server MPM information disclosure
5319| [34963] Apache HTTP Server MPM multiple denial of service
5320| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5321| [34869] Apache Tomcat JSP example Web application cross-site scripting
5322| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5323| [34496] Apache Tomcat JK Connector security bypass
5324| [34377] Apache Tomcat hello.jsp cross-site scripting
5325| [34212] Apache Tomcat SSL configuration security bypass
5326| [34210] Apache Tomcat Accept-Language cross-site scripting
5327| [34209] Apache Tomcat calendar application cross-site scripting
5328| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5329| [34167] Apache Axis WSDL file path disclosure
5330| [34068] Apache Tomcat AJP connector information disclosure
5331| [33584] Apache HTTP Server suEXEC privilege escalation
5332| [32988] Apache Tomcat proxy module directory traversal
5333| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5334| [32708] Debian Apache tty privilege escalation
5335| [32441] ApacheStats extract() PHP call unspecified
5336| [32128] Apache Tomcat default account
5337| [31680] Apache Tomcat RequestParamExample cross-site scripting
5338| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5339| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5340| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5341| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5342| [29550] Apache mod_tcl set_var() format string
5343| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5344| [28357] Apache HTTP Server mod_alias script source information disclosure
5345| [28063] Apache mod_rewrite off-by-one buffer overflow
5346| [27902] Apache Tomcat URL information disclosure
5347| [26786] Apache James SMTP server denial of service
5348| [25680] libapache2 /tmp/svn file upload
5349| [25614] Apache Struts lookupMap cross-site scripting
5350| [25613] Apache Struts ActionForm denial of service
5351| [25612] Apache Struts isCancelled() security bypass
5352| [24965] Apache mod_python FileSession command execution
5353| [24716] Apache James spooler memory leak denial of service
5354| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5355| [24158] Apache Geronimo jsp-examples cross-site scripting
5356| [24030] Apache auth_ldap module multiple format strings
5357| [24008] Apache mod_ssl custom error message denial of service
5358| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5359| [23612] Apache mod_imap referer field cross-site scripting
5360| [23173] Apache Struts error message cross-site scripting
5361| [22942] Apache Tomcat directory listing denial of service
5362| [22858] Apache Multi-Processing Module code allows denial of service
5363| [22602] RHSA-2005:582 updates for Apache httpd not installed
5364| [22520] Apache mod-auth-shadow "
5365| [22466] ApacheTop symlink
5366| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5367| [22006] Apache HTTP Server byte-range filter denial of service
5368| [21567] Apache mod_ssl off-by-one buffer overflow
5369| [21195] Apache HTTP Server header HTTP request smuggling
5370| [20383] Apache HTTP Server htdigest buffer overflow
5371| [19681] Apache Tomcat AJP12 request denial of service
5372| [18993] Apache HTTP server check_forensic symlink attack
5373| [18790] Apache Tomcat Manager cross-site scripting
5374| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5375| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5376| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5377| [17961] Apache Web server ServerTokens has not been set
5378| [17930] Apache HTTP Server HTTP GET request denial of service
5379| [17785] Apache mod_include module buffer overflow
5380| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5381| [17473] Apache HTTP Server Satisfy directive allows access to resources
5382| [17413] Apache htpasswd buffer overflow
5383| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5384| [17382] Apache HTTP Server IPv6 apr_util denial of service
5385| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5386| [17273] Apache HTTP Server speculative mode denial of service
5387| [17200] Apache HTTP Server mod_ssl denial of service
5388| [16890] Apache HTTP Server server-info request has been detected
5389| [16889] Apache HTTP Server server-status request has been detected
5390| [16705] Apache mod_ssl format string attack
5391| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5392| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5393| [16230] Apache HTTP Server PHP denial of service
5394| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5395| [15958] Apache HTTP Server authentication modules memory corruption
5396| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5397| [15540] Apache HTTP Server socket starvation denial of service
5398| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5399| [15422] Apache HTTP Server mod_access information disclosure
5400| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5401| [15293] Apache for Cygwin "
5402| [15065] Apache-SSL has a default password
5403| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5404| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5405| [14751] Apache Mod_python output filter information disclosure
5406| [14125] Apache HTTP Server mod_userdir module information disclosure
5407| [14075] Apache HTTP Server mod_php file descriptor leak
5408| [13703] Apache HTTP Server account
5409| [13689] Apache HTTP Server configuration allows symlinks
5410| [13688] Apache HTTP Server configuration allows SSI
5411| [13687] Apache HTTP Server Server: header value
5412| [13685] Apache HTTP Server ServerTokens value
5413| [13684] Apache HTTP Server ServerSignature value
5414| [13672] Apache HTTP Server config allows directory autoindexing
5415| [13671] Apache HTTP Server default content
5416| [13670] Apache HTTP Server config file directive references outside content root
5417| [13668] Apache HTTP Server httpd not running in chroot environment
5418| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5419| [13664] Apache HTTP Server config file contains ScriptAlias entry
5420| [13663] Apache HTTP Server CGI support modules loaded
5421| [13661] Apache HTTP Server config file contains AddHandler entry
5422| [13660] Apache HTTP Server 500 error page not CGI script
5423| [13659] Apache HTTP Server 413 error page not CGI script
5424| [13658] Apache HTTP Server 403 error page not CGI script
5425| [13657] Apache HTTP Server 401 error page not CGI script
5426| [13552] Apache HTTP Server mod_cgid module information disclosure
5427| [13550] Apache GET request directory traversal
5428| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5429| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5430| [13429] Apache Tomcat non-HTTP request denial of service
5431| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5432| [13295] Apache weak password encryption
5433| [13254] Apache Tomcat .jsp cross-site scripting
5434| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5435| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5436| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5437| [12662] Apache HTTP Server rotatelogs denial of service
5438| [12554] Apache Tomcat stores password in plain text
5439| [12553] Apache HTTP Server redirects and subrequests denial of service
5440| [12552] Apache HTTP Server FTP proxy server denial of service
5441| [12551] Apache HTTP Server prefork MPM denial of service
5442| [12550] Apache HTTP Server weaker than expected encryption
5443| [12549] Apache HTTP Server type-map file denial of service
5444| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5445| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5446| [12091] Apache HTTP Server apr_password_validate denial of service
5447| [12090] Apache HTTP Server apr_psprintf code execution
5448| [11804] Apache HTTP Server mod_access_referer denial of service
5449| [11750] Apache HTTP Server could leak sensitive file descriptors
5450| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5451| [11703] Apache long slash path allows directory listing
5452| [11695] Apache HTTP Server LF (Line Feed) denial of service
5453| [11694] Apache HTTP Server filestat.c denial of service
5454| [11438] Apache HTTP Server MIME message boundaries information disclosure
5455| [11412] Apache HTTP Server error log terminal escape sequence injection
5456| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5457| [11195] Apache Tomcat web.xml could be used to read files
5458| [11194] Apache Tomcat URL appended with a null character could list directories
5459| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5460| [11126] Apache HTTP Server illegal character file disclosure
5461| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5462| [11124] Apache HTTP Server DOS device name denial of service
5463| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5464| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5465| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5466| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5467| [10499] Apache HTTP Server WebDAV HTTP POST view source
5468| [10457] Apache HTTP Server mod_ssl "
5469| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5470| [10414] Apache HTTP Server htdigest multiple buffer overflows
5471| [10413] Apache HTTP Server htdigest temporary file race condition
5472| [10412] Apache HTTP Server htpasswd temporary file race condition
5473| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5474| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5475| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5476| [10280] Apache HTTP Server shared memory scorecard overwrite
5477| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5478| [10241] Apache HTTP Server Host: header cross-site scripting
5479| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5480| [10208] Apache HTTP Server mod_dav denial of service
5481| [10206] HP VVOS Apache mod_ssl denial of service
5482| [10200] Apache HTTP Server stderr denial of service
5483| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5484| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5485| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5486| [10098] Slapper worm targets OpenSSL/Apache systems
5487| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5488| [9875] Apache HTTP Server .var file request could disclose installation path
5489| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5490| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5491| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5492| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5493| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5494| [9396] Apache Tomcat null character to threads denial of service
5495| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5496| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5497| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5498| [8932] Apache Tomcat example class information disclosure
5499| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5500| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5501| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5502| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5503| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5504| [8400] Apache HTTP Server mod_frontpage buffer overflows
5505| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5506| [8308] Apache "
5507| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5508| [8119] Apache and PHP OPTIONS request reveals "
5509| [8054] Apache is running on the system
5510| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5511| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5512| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5513| [7836] Apache HTTP Server log directory denial of service
5514| [7815] Apache for Windows "
5515| [7810] Apache HTTP request could result in unexpected behavior
5516| [7599] Apache Tomcat reveals installation path
5517| [7494] Apache "
5518| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5519| [7363] Apache Web Server hidden HTTP requests
5520| [7249] Apache mod_proxy denial of service
5521| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5522| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5523| [7059] Apache "
5524| [7057] Apache "
5525| [7056] Apache "
5526| [7055] Apache "
5527| [7054] Apache "
5528| [6997] Apache Jakarta Tomcat error message may reveal information
5529| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5530| [6970] Apache crafted HTTP request could reveal the internal IP address
5531| [6921] Apache long slash path allows directory listing
5532| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5533| [6527] Apache Web Server for Windows and OS2 denial of service
5534| [6316] Apache Jakarta Tomcat may reveal JSP source code
5535| [6305] Apache Jakarta Tomcat directory traversal
5536| [5926] Linux Apache symbolic link
5537| [5659] Apache Web server discloses files when used with php script
5538| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5539| [5204] Apache WebDAV directory listings
5540| [5197] Apache Web server reveals CGI script source code
5541| [5160] Apache Jakarta Tomcat default installation
5542| [5099] Trustix Secure Linux installs Apache with world writable access
5543| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5544| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5545| [4931] Apache source.asp example file allows users to write to files
5546| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5547| [4205] Apache Jakarta Tomcat delivers file contents
5548| [2084] Apache on Debian by default serves the /usr/doc directory
5549| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5550| [697] Apache HTTP server beck exploit
5551| [331] Apache cookies buffer overflow
5552|
5553| Exploit-DB - https://www.exploit-db.com:
5554| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5555| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5556| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5557| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5558| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5559| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5560| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5561| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5562| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5563| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5564| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5565| [29859] Apache Roller OGNL Injection
5566| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5567| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5568| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5569| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5570| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5571| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5572| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5573| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5574| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5575| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5576| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5577| [27096] Apache Geronimo 1.0 Error Page XSS
5578| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5579| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5580| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5581| [25986] Plesk Apache Zeroday Remote Exploit
5582| [25980] Apache Struts includeParams Remote Code Execution
5583| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5584| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5585| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5586| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5587| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5588| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5589| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5590| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5591| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5592| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5593| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5594| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5595| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5596| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5597| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5598| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5599| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5600| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5601| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5602| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5603| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5604| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5605| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5606| [21719] Apache 2.0 Path Disclosure Vulnerability
5607| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5608| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5609| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5610| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5611| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5612| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5613| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5614| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5615| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5616| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5617| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5618| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5619| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5620| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5621| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5622| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5623| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5624| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5625| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5626| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5627| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5628| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5629| [20558] Apache 1.2 Web Server DoS Vulnerability
5630| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5631| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5632| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5633| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5634| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5635| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5636| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5637| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5638| [19231] PHP apache_request_headers Function Buffer Overflow
5639| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5640| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5641| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5642| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5643| [18442] Apache httpOnly Cookie Disclosure
5644| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5645| [18221] Apache HTTP Server Denial of Service
5646| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5647| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5648| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5649| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5650| [16782] Apache Win32 Chunked Encoding
5651| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5652| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5653| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5654| [15319] Apache 2.2 (Windows) Local Denial of Service
5655| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5656| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5657| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5658| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5659| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5660| [12330] Apache OFBiz - Multiple XSS
5661| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5662| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5663| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5664| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5665| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5666| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5667| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5668| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5669| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5670| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5671| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5672| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5673| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5674| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5675| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5676| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5677| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5678| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5679| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5680| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5681| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5682| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5683| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5684| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5685| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5686| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5687| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5688| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5689| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5690| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5691| [466] htpasswd Apache 1.3.31 - Local Exploit
5692| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5693| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5694| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5695| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5696| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5697| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5698| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5699| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5700| [9] Apache HTTP Server 2.x Memory Leak Exploit
5701|
5702| OpenVAS (Nessus) - http://www.openvas.org:
5703| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5704| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5705| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5706| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5707| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5708| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5709| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5710| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5711| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5712| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5713| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5714| [900571] Apache APR-Utils Version Detection
5715| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5716| [900496] Apache Tiles Multiple XSS Vulnerability
5717| [900493] Apache Tiles Version Detection
5718| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5719| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5720| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5721| [870175] RedHat Update for apache RHSA-2008:0004-01
5722| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5723| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5724| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5725| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5726| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5727| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5728| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5729| [855821] Solaris Update for Apache 1.3 122912-19
5730| [855812] Solaris Update for Apache 1.3 122911-19
5731| [855737] Solaris Update for Apache 1.3 122911-17
5732| [855731] Solaris Update for Apache 1.3 122912-17
5733| [855695] Solaris Update for Apache 1.3 122911-16
5734| [855645] Solaris Update for Apache 1.3 122912-16
5735| [855587] Solaris Update for kernel update and Apache 108529-29
5736| [855566] Solaris Update for Apache 116973-07
5737| [855531] Solaris Update for Apache 116974-07
5738| [855524] Solaris Update for Apache 2 120544-14
5739| [855494] Solaris Update for Apache 1.3 122911-15
5740| [855478] Solaris Update for Apache Security 114145-11
5741| [855472] Solaris Update for Apache Security 113146-12
5742| [855179] Solaris Update for Apache 1.3 122912-15
5743| [855147] Solaris Update for kernel update and Apache 108528-29
5744| [855077] Solaris Update for Apache 2 120543-14
5745| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5746| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5747| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5748| [841209] Ubuntu Update for apache2 USN-1627-1
5749| [840900] Ubuntu Update for apache2 USN-1368-1
5750| [840798] Ubuntu Update for apache2 USN-1259-1
5751| [840734] Ubuntu Update for apache2 USN-1199-1
5752| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5753| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5754| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5755| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5756| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5757| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5758| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5759| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5760| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5761| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5762| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5763| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5764| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5765| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5766| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5767| [835188] HP-UX Update for Apache HPSBUX02308
5768| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5769| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5770| [835172] HP-UX Update for Apache HPSBUX02365
5771| [835168] HP-UX Update for Apache HPSBUX02313
5772| [835148] HP-UX Update for Apache HPSBUX01064
5773| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5774| [835131] HP-UX Update for Apache HPSBUX00256
5775| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5776| [835104] HP-UX Update for Apache HPSBUX00224
5777| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5778| [835101] HP-UX Update for Apache HPSBUX01232
5779| [835080] HP-UX Update for Apache HPSBUX02273
5780| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5781| [835044] HP-UX Update for Apache HPSBUX01019
5782| [835040] HP-UX Update for Apache PHP HPSBUX00207
5783| [835025] HP-UX Update for Apache HPSBUX00197
5784| [835023] HP-UX Update for Apache HPSBUX01022
5785| [835022] HP-UX Update for Apache HPSBUX02292
5786| [835005] HP-UX Update for Apache HPSBUX02262
5787| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5788| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5789| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5790| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5791| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5792| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5793| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5794| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5795| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5796| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5797| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5798| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5799| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5800| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5801| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5802| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5803| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5804| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5805| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5806| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5807| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5808| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5809| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5810| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5811| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5812| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5813| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5814| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5815| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5816| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5817| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5818| [801942] Apache Archiva Multiple Vulnerabilities
5819| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5820| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5821| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5822| [801284] Apache Derby Information Disclosure Vulnerability
5823| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5824| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5825| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5826| [800680] Apache APR Version Detection
5827| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5828| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5829| [800677] Apache Roller Version Detection
5830| [800279] Apache mod_jk Module Version Detection
5831| [800278] Apache Struts Cross Site Scripting Vulnerability
5832| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5833| [800276] Apache Struts Version Detection
5834| [800271] Apache Struts Directory Traversal Vulnerability
5835| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5836| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5837| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5838| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5839| [103074] Apache Continuum Cross Site Scripting Vulnerability
5840| [103073] Apache Continuum Detection
5841| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5842| [101023] Apache Open For Business Weak Password security check
5843| [101020] Apache Open For Business HTML injection vulnerability
5844| [101019] Apache Open For Business service detection
5845| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5846| [100923] Apache Archiva Detection
5847| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5848| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5849| [100813] Apache Axis2 Detection
5850| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5851| [100795] Apache Derby Detection
5852| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5853| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5854| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5855| [100514] Apache Multiple Security Vulnerabilities
5856| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5857| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5858| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5859| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5860| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5861| [72612] FreeBSD Ports: apache22
5862| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5863| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5864| [71512] FreeBSD Ports: apache
5865| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5866| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5867| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5868| [70737] FreeBSD Ports: apache
5869| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5870| [70600] FreeBSD Ports: apache
5871| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5872| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5873| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5874| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5875| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5876| [67868] FreeBSD Ports: apache
5877| [66816] FreeBSD Ports: apache
5878| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5879| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5880| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5881| [66081] SLES11: Security update for Apache 2
5882| [66074] SLES10: Security update for Apache 2
5883| [66070] SLES9: Security update for Apache 2
5884| [65998] SLES10: Security update for apache2-mod_python
5885| [65893] SLES10: Security update for Apache 2
5886| [65888] SLES10: Security update for Apache 2
5887| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5888| [65510] SLES9: Security update for Apache 2
5889| [65472] SLES9: Security update for Apache
5890| [65467] SLES9: Security update for Apache
5891| [65450] SLES9: Security update for apache2
5892| [65390] SLES9: Security update for Apache2
5893| [65363] SLES9: Security update for Apache2
5894| [65309] SLES9: Security update for Apache and mod_ssl
5895| [65296] SLES9: Security update for webdav apache module
5896| [65283] SLES9: Security update for Apache2
5897| [65249] SLES9: Security update for Apache 2
5898| [65230] SLES9: Security update for Apache 2
5899| [65228] SLES9: Security update for Apache 2
5900| [65212] SLES9: Security update for apache2-mod_python
5901| [65209] SLES9: Security update for apache2-worker
5902| [65207] SLES9: Security update for Apache 2
5903| [65168] SLES9: Security update for apache2-mod_python
5904| [65142] SLES9: Security update for Apache2
5905| [65136] SLES9: Security update for Apache 2
5906| [65132] SLES9: Security update for apache
5907| [65131] SLES9: Security update for Apache 2 oes/CORE
5908| [65113] SLES9: Security update for apache2
5909| [65072] SLES9: Security update for apache and mod_ssl
5910| [65017] SLES9: Security update for Apache 2
5911| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5912| [64783] FreeBSD Ports: apache
5913| [64774] Ubuntu USN-802-2 (apache2)
5914| [64653] Ubuntu USN-813-2 (apache2)
5915| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5916| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5917| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5918| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5919| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5920| [64443] Ubuntu USN-802-1 (apache2)
5921| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5922| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5923| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5924| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5925| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5926| [64201] Ubuntu USN-787-1 (apache2)
5927| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5928| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5929| [63565] FreeBSD Ports: apache
5930| [63562] Ubuntu USN-731-1 (apache2)
5931| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5932| [61185] FreeBSD Ports: apache
5933| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5934| [60387] Slackware Advisory SSA:2008-045-02 apache
5935| [58826] FreeBSD Ports: apache-tomcat
5936| [58825] FreeBSD Ports: apache-tomcat
5937| [58804] FreeBSD Ports: apache
5938| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5939| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5940| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5941| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5942| [57335] Debian Security Advisory DSA 1167-1 (apache)
5943| [57201] Debian Security Advisory DSA 1131-1 (apache)
5944| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5945| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5946| [57145] FreeBSD Ports: apache
5947| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5948| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5949| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5950| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5951| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5952| [56067] FreeBSD Ports: apache
5953| [55803] Slackware Advisory SSA:2005-310-04 apache
5954| [55519] Debian Security Advisory DSA 839-1 (apachetop)
5955| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
5956| [55355] FreeBSD Ports: apache
5957| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
5958| [55261] Debian Security Advisory DSA 805-1 (apache2)
5959| [55259] Debian Security Advisory DSA 803-1 (apache)
5960| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
5961| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
5962| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
5963| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
5964| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
5965| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
5966| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
5967| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
5968| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
5969| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
5970| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
5971| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
5972| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
5973| [54439] FreeBSD Ports: apache
5974| [53931] Slackware Advisory SSA:2004-133-01 apache
5975| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
5976| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
5977| [53878] Slackware Advisory SSA:2003-308-01 apache security update
5978| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
5979| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
5980| [53848] Debian Security Advisory DSA 131-1 (apache)
5981| [53784] Debian Security Advisory DSA 021-1 (apache)
5982| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
5983| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
5984| [53735] Debian Security Advisory DSA 187-1 (apache)
5985| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
5986| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
5987| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
5988| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
5989| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
5990| [53282] Debian Security Advisory DSA 594-1 (apache)
5991| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
5992| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
5993| [53215] Debian Security Advisory DSA 525-1 (apache)
5994| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
5995| [52529] FreeBSD Ports: apache+ssl
5996| [52501] FreeBSD Ports: apache
5997| [52461] FreeBSD Ports: apache
5998| [52390] FreeBSD Ports: apache
5999| [52389] FreeBSD Ports: apache
6000| [52388] FreeBSD Ports: apache
6001| [52383] FreeBSD Ports: apache
6002| [52339] FreeBSD Ports: apache+mod_ssl
6003| [52331] FreeBSD Ports: apache
6004| [52329] FreeBSD Ports: ru-apache+mod_ssl
6005| [52314] FreeBSD Ports: apache
6006| [52310] FreeBSD Ports: apache
6007| [15588] Detect Apache HTTPS
6008| [15555] Apache mod_proxy content-length buffer overflow
6009| [15554] Apache mod_include priviledge escalation
6010| [14771] Apache <= 1.3.33 htpasswd local overflow
6011| [14177] Apache mod_access rule bypass
6012| [13644] Apache mod_rootme Backdoor
6013| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
6014| [12280] Apache Connection Blocking Denial of Service
6015| [12239] Apache Error Log Escape Sequence Injection
6016| [12123] Apache Tomcat source.jsp malformed request information disclosure
6017| [12085] Apache Tomcat servlet/JSP container default files
6018| [11438] Apache Tomcat Directory Listing and File disclosure
6019| [11204] Apache Tomcat Default Accounts
6020| [11092] Apache 2.0.39 Win32 directory traversal
6021| [11046] Apache Tomcat TroubleShooter Servlet Installed
6022| [11042] Apache Tomcat DOS Device Name XSS
6023| [11041] Apache Tomcat /servlet Cross Site Scripting
6024| [10938] Apache Remote Command Execution via .bat files
6025| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
6026| [10773] MacOS X Finder reveals contents of Apache Web files
6027| [10766] Apache UserDir Sensitive Information Disclosure
6028| [10756] MacOS X Finder reveals contents of Apache Web directories
6029| [10752] Apache Auth Module SQL Insertion Attack
6030| [10704] Apache Directory Listing
6031| [10678] Apache /server-info accessible
6032| [10677] Apache /server-status accessible
6033| [10440] Check for Apache Multiple / vulnerability
6034|
6035| SecurityTracker - https://www.securitytracker.com:
6036| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
6037| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
6038| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
6039| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
6040| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6041| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6042| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6043| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
6044| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
6045| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
6046| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6047| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
6048| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
6049| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
6050| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
6051| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
6052| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
6053| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
6054| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
6055| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
6056| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
6057| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
6058| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
6059| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6060| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
6061| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6062| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6063| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
6064| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
6065| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6066| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
6067| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
6068| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
6069| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
6070| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
6071| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
6072| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
6073| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
6074| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
6075| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
6076| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
6077| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
6078| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
6079| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
6080| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
6081| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
6082| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6083| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
6084| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
6085| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
6086| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
6087| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
6088| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
6089| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
6090| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
6091| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
6092| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
6093| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
6094| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
6095| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
6096| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
6097| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
6098| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
6099| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
6100| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
6101| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
6102| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
6103| [1024096] Apache mod_proxy_http May Return Results for a Different Request
6104| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
6105| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
6106| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
6107| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
6108| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
6109| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
6110| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
6111| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
6112| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
6113| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
6114| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
6115| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
6116| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
6117| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6118| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
6119| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
6120| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
6121| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
6122| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
6123| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6124| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
6125| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
6126| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
6127| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
6128| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
6129| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
6130| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
6131| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
6132| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
6133| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
6134| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
6135| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
6136| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
6137| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
6138| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
6139| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
6140| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
6141| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
6142| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
6143| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
6144| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
6145| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
6146| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
6147| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
6148| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
6149| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
6150| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
6151| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
6152| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
6153| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
6154| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
6155| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
6156| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
6157| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
6158| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
6159| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
6160| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
6161| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
6162| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
6163| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
6164| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
6165| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
6166| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
6167| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
6168| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
6169| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
6170| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
6171| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
6172| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
6173| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6174| [1008920] Apache mod_digest May Validate Replayed Client Responses
6175| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
6176| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
6177| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
6178| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
6179| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
6180| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
6181| [1008030] Apache mod_rewrite Contains a Buffer Overflow
6182| [1008029] Apache mod_alias Contains a Buffer Overflow
6183| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
6184| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
6185| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
6186| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
6187| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
6188| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
6189| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
6190| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
6191| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
6192| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
6193| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
6194| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
6195| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
6196| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
6197| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
6198| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
6199| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
6200| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
6201| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
6202| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
6203| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
6204| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
6205| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
6206| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
6207| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
6208| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
6209| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
6210| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
6211| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
6212| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
6213| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
6214| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
6215| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
6216| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
6217| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
6218| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
6219| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
6220| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
6221| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6222| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6223| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
6224| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
6225| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
6226| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
6227| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
6228| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
6229| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
6230| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
6231| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
6232| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
6233| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
6234| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
6235| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
6236| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
6237| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
6238| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
6239|
6240| OSVDB - http://www.osvdb.org:
6241| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
6242| [96077] Apache CloudStack Global Settings Multiple Field XSS
6243| [96076] Apache CloudStack Instances Menu Display Name Field XSS
6244| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
6245| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
6246| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
6247| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
6248| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
6249| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
6250| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
6251| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
6252| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
6253| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6254| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
6255| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
6256| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
6257| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
6258| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6259| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
6260| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
6261| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
6262| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
6263| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
6264| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
6265| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
6266| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
6267| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
6268| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
6269| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
6270| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
6271| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
6272| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
6273| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
6274| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
6275| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
6276| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
6277| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
6278| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
6279| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
6280| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
6281| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
6282| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
6283| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
6284| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
6285| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
6286| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
6287| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
6288| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
6289| [94279] Apache Qpid CA Certificate Validation Bypass
6290| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
6291| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
6292| [94042] Apache Axis JAX-WS Java Unspecified Exposure
6293| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
6294| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
6295| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
6296| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6297| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6298| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6299| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6300| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6301| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6302| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6303| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6304| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6305| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6306| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6307| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6308| [93541] Apache Solr json.wrf Callback XSS
6309| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
6310| [93521] Apache jUDDI Security API Token Session Persistence Weakness
6311| [93520] Apache CloudStack Default SSL Key Weakness
6312| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
6313| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
6314| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
6315| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
6316| [93515] Apache HBase table.jsp name Parameter XSS
6317| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
6318| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
6319| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
6320| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
6321| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
6322| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
6323| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
6324| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
6325| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
6326| [93252] Apache Tomcat FORM Authenticator Session Fixation
6327| [93172] Apache Camel camel/endpoints/ Endpoint XSS
6328| [93171] Apache Sling HtmlResponse Error Message XSS
6329| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
6330| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
6331| [93168] Apache Click ErrorReport.java id Parameter XSS
6332| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
6333| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
6334| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
6335| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
6336| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
6337| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
6338| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
6339| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
6340| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
6341| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
6342| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
6343| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
6344| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
6345| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
6346| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
6347| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
6348| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
6349| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
6350| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
6351| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
6352| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
6353| [93144] Apache Solr Admin Command Execution CSRF
6354| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
6355| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
6356| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
6357| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
6358| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
6359| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
6360| [92748] Apache CloudStack VM Console Access Restriction Bypass
6361| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
6362| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
6363| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
6364| [92706] Apache ActiveMQ Debug Log Rendering XSS
6365| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
6366| [92270] Apache Tomcat Unspecified CSRF
6367| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
6368| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
6369| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
6370| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
6371| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
6372| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
6373| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6374| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6375| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6376| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6377| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6378| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6379| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6380| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6381| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6382| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6383| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6384| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6385| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6386| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6387| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6388| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6389| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6390| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6391| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6392| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6393| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6394| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6395| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6396| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6397| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6398| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6399| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6400| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6401| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6402| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6403| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6404| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6405| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6406| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6407| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6408| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6409| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6410| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6411| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6412| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6413| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6414| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6415| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6416| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6417| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6418| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6419| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6420| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6421| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6422| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6423| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6424| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6425| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6426| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6427| [86901] Apache Tomcat Error Message Path Disclosure
6428| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6429| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6430| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6431| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6432| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6433| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6434| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6435| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6436| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6437| [85430] Apache mod_pagespeed Module Unspecified XSS
6438| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6439| [85249] Apache Wicket Unspecified XSS
6440| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6441| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6442| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6443| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6444| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6445| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6446| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6447| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6448| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6449| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6450| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6451| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6452| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6453| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6454| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6455| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6456| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6457| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6458| [83339] Apache Roller Blogger Roll Unspecified XSS
6459| [83270] Apache Roller Unspecified Admin Action CSRF
6460| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6461| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6462| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6463| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6464| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6465| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6466| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6467| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6468| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6469| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6470| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6471| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6472| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6473| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6474| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6475| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6476| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6477| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6478| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6479| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6480| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6481| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
6482| [80300] Apache Wicket wicket:pageMapName Parameter XSS
6483| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
6484| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
6485| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
6486| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
6487| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
6488| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
6489| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
6490| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
6491| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
6492| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
6493| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
6494| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
6495| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
6496| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
6497| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
6498| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
6499| [78331] Apache Tomcat Request Object Recycling Information Disclosure
6500| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
6501| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
6502| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
6503| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
6504| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
6505| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6506| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6507| [77593] Apache Struts Conversion Error OGNL Expression Injection
6508| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6509| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6510| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6511| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6512| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6513| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6514| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6515| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6516| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6517| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6518| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6519| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6520| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6521| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6522| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6523| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6524| [74725] Apache Wicket Multi Window Support Unspecified XSS
6525| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6526| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6527| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6528| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6529| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6530| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6531| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6532| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6533| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6534| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6535| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6536| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6537| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6538| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6539| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6540| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6541| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6542| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6543| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6544| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6545| [73154] Apache Archiva Multiple Unspecified CSRF
6546| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6547| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6548| [72238] Apache Struts Action / Method Names <
6549| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6550| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6551| [71557] Apache Tomcat HTML Manager Multiple XSS
6552| [71075] Apache Archiva User Management Page XSS
6553| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6554| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6555| [70924] Apache Continuum Multiple Admin Function CSRF
6556| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6557| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6558| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
6559| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
6560| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
6561| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
6562| [69520] Apache Archiva Administrator Credential Manipulation CSRF
6563| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
6564| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
6565| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
6566| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
6567| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
6568| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
6569| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
6570| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
6571| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
6572| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
6573| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
6574| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
6575| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
6576| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
6577| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
6578| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
6579| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
6580| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
6581| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
6582| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
6583| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
6584| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
6585| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
6586| [65054] Apache ActiveMQ Jetty Error Handler XSS
6587| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
6588| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
6589| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6590| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6591| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6592| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6593| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6594| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6595| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6596| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6597| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6598| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6599| [63895] Apache HTTP Server mod_headers Unspecified Issue
6600| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6601| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6602| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6603| [63140] Apache Thrift Service Malformed Data Remote DoS
6604| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6605| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6606| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6607| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6608| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6609| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6610| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6611| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6612| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6613| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6614| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6615| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6616| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6617| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6618| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6619| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6620| [60678] Apache Roller Comment Email Notification Manipulation DoS
6621| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
6622| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
6623| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
6624| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
6625| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
6626| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
6627| [60232] PHP on Apache php.exe Direct Request Remote DoS
6628| [60176] Apache Tomcat Windows Installer Admin Default Password
6629| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
6630| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
6631| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
6632| [59944] Apache Hadoop jobhistory.jsp XSS
6633| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
6634| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
6635| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
6636| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
6637| [59019] Apache mod_python Cookie Salting Weakness
6638| [59018] Apache Harmony Error Message Handling Overflow
6639| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
6640| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
6641| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
6642| [59010] Apache Solr get-file.jsp XSS
6643| [59009] Apache Solr action.jsp XSS
6644| [59008] Apache Solr analysis.jsp XSS
6645| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6646| [59006] Apache Beehive select / checkbox Tag XSS
6647| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6648| [59004] Apache Beehive Error Message XSS
6649| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6650| [59002] Apache Jetspeed default-page.psml URI XSS
6651| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6652| [59000] Apache CXF Unsigned Message Policy Bypass
6653| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6654| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6655| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6656| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6657| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6658| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6659| [58993] Apache Hadoop browseBlock.jsp XSS
6660| [58991] Apache Hadoop browseDirectory.jsp XSS
6661| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6662| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6663| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6664| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6665| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6666| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6667| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6668| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6669| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6670| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6671| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6672| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6673| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6674| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6675| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6676| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6677| [58974] Apache Sling /apps Script User Session Management Access Weakness
6678| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6679| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6680| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6681| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6682| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6683| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6684| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6685| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6686| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6687| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6688| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6689| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6690| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6691| [58805] Apache Derby Unauthenticated Database / Admin Access
6692| [58804] Apache Wicket Header Contribution Unspecified Issue
6693| [58803] Apache Wicket Session Fixation
6694| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6695| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6696| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6697| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6698| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6699| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6700| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6701| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6702| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6703| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6704| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6705| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6706| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6707| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6708| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6709| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6710| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6711| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6712| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6713| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6714| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6715| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6716| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6717| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6718| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6719| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6720| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6721| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6722| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6723| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6724| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6725| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6726| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6727| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6728| [58755] Apache Harmony DRLVM Non-public Class Member Access
6729| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6730| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6731| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6732| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6733| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6734| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6735| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6736| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6737| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6738| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6739| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6740| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6741| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6742| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6743| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6744| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6745| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6746| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6747| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6748| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6749| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6750| [58724] Apache Roller Logout Functionality Failure Session Persistence
6751| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6752| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6753| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6754| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6755| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6756| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6757| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6758| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6759| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6760| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6761| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6762| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6763| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6764| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6765| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6766| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6767| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6768| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6769| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6770| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6771| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6772| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6773| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6774| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6775| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6776| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6777| [58687] Apache Axis Invalid wsdl Request XSS
6778| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6779| [58685] Apache Velocity Template Designer Privileged Code Execution
6780| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6781| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6782| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6783| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6784| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6785| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6786| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6787| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6788| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6789| [58667] Apache Roller Database Cleartext Passwords Disclosure
6790| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6791| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6792| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6793| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6794| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6795| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6796| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6797| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6798| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6799| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6800| [56984] Apache Xerces2 Java Malformed XML Input DoS
6801| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6802| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6803| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6804| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6805| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6806| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6807| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6808| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6809| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6810| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6811| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6812| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6813| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6814| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6815| [55056] Apache Tomcat Cross-application TLD File Manipulation
6816| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6817| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6818| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6819| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6820| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6821| [54589] Apache Jserv Nonexistent JSP Request XSS
6822| [54122] Apache Struts s:a / s:url Tag href Element XSS
6823| [54093] Apache ActiveMQ Web Console JMS Message XSS
6824| [53932] Apache Geronimo Multiple Admin Function CSRF
6825| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6826| [53930] Apache Geronimo /console/portal/ URI XSS
6827| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6828| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6829| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6830| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6831| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6832| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6833| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6834| [53380] Apache Struts Unspecified XSS
6835| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6836| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6837| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6838| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6839| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6840| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6841| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6842| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6843| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6844| [51151] Apache Roller Search Function q Parameter XSS
6845| [50482] PHP with Apache php_value Order Unspecified Issue
6846| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6847| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6848| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6849| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6850| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6851| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6852| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6853| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6854| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6855| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6856| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6857| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6858| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6859| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6860| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6861| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6862| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6863| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6864| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6865| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6866| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6867| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6868| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6869| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6870| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6871| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6872| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6873| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6874| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6875| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6876| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6877| [43452] Apache Tomcat HTTP Request Smuggling
6878| [43309] Apache Geronimo LoginModule Login Method Bypass
6879| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6880| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6881| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6882| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6883| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6884| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6885| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6886| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6887| [42091] Apache Maven Site Plugin Installation Permission Weakness
6888| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6889| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6890| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6891| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6892| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6893| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6894| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6895| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6896| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6897| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6898| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6899| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6900| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6901| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6902| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6903| [40262] Apache HTTP Server mod_status refresh XSS
6904| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6905| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6906| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6907| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6908| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6909| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6910| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6911| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6912| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6913| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6914| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6915| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6916| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6917| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6918| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6919| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6920| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6921| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6922| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6923| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6924| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6925| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6926| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6927| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6928| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6929| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6930| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6931| [36079] Apache Tomcat Manager Uploaded Filename XSS
6932| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6933| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6934| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6935| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6936| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6937| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6938| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6939| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6940| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6941| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6942| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6943| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6944| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6945| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6946| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6947| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6948| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6949| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6950| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6951| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6952| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6953| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6954| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6955| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6956| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6957| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6958| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6959| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6960| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6961| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6962| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6963| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6964| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6965| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6966| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6967| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6968| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6969| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6970| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6971| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6972| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6973| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6974| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6975| [24365] Apache Struts Multiple Function Error Message XSS
6976| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6977| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6978| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6979| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6980| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6981| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6982| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6983| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6984| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6985| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6986| [22459] Apache Geronimo Error Page XSS
6987| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6988| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6989| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6990| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6991| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6992| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6993| [21021] Apache Struts Error Message XSS
6994| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6995| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6996| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6997| [20439] Apache Tomcat Directory Listing Saturation DoS
6998| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6999| [20285] Apache HTTP Server Log File Control Character Injection
7000| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
7001| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
7002| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
7003| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
7004| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
7005| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
7006| [19821] Apache Tomcat Malformed Post Request Information Disclosure
7007| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
7008| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
7009| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
7010| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
7011| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
7012| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
7013| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
7014| [18233] Apache HTTP Server htdigest user Variable Overfow
7015| [17738] Apache HTTP Server HTTP Request Smuggling
7016| [16586] Apache HTTP Server Win32 GET Overflow DoS
7017| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7018| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7019| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7020| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7021| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7022| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7023| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7024| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7025| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7026| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7027| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7028| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7029| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7030| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7031| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7032| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7033| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7034| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7035| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7036| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7037| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7038| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7039| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7040| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7041| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7042| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7043| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7044| [13304] Apache Tomcat realPath.jsp Path Disclosure
7045| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7046| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7047| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7048| [12848] Apache HTTP Server htdigest realm Variable Overflow
7049| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7050| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7051| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7052| [12557] Apache HTTP Server prefork MPM accept Error DoS
7053| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7054| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7055| [12231] Apache Tomcat web.xml Arbitrary File Access
7056| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7057| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7058| [12178] Apache Jakarta Lucene results.jsp XSS
7059| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7060| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7061| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7062| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7063| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7064| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7065| [10471] Apache Xerces-C++ XML Parser DoS
7066| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7067| [10068] Apache HTTP Server htpasswd Local Overflow
7068| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7069| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7070| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7071| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7072| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7073| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7074| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7075| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7076| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7077| [9714] Apache Authentication Module Threaded MPM DoS
7078| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7079| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7080| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7081| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7082| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7083| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7084| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7085| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7086| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7087| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7088| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7089| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7090| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7091| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7092| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7093| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7094| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7095| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7096| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7097| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7098| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7099| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7100| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7101| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7102| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7103| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7104| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7105| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7106| [9208] Apache Tomcat .jsp Encoded Newline XSS
7107| [9204] Apache Tomcat ROOT Application XSS
7108| [9203] Apache Tomcat examples Application XSS
7109| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7110| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7111| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7112| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7113| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7114| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7115| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7116| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7117| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7118| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7119| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7120| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7121| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7122| [7611] Apache HTTP Server mod_alias Local Overflow
7123| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7124| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7125| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7126| [6882] Apache mod_python Malformed Query String Variant DoS
7127| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7128| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7129| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7130| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7131| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7132| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7133| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7134| [5278] Apache Tomcat web.xml Restriction Bypass
7135| [5051] Apache Tomcat Null Character DoS
7136| [4973] Apache Tomcat servlet Mapping XSS
7137| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7138| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7139| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7140| [4568] mod_survey For Apache ENV Tags SQL Injection
7141| [4553] Apache HTTP Server ApacheBench Overflow DoS
7142| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7143| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7144| [4383] Apache HTTP Server Socket Race Condition DoS
7145| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7146| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7147| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7148| [4231] Apache Cocoon Error Page Server Path Disclosure
7149| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7150| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7151| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7152| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7153| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7154| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7155| [3322] mod_php for Apache HTTP Server Process Hijack
7156| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7157| [2885] Apache mod_python Malformed Query String DoS
7158| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7159| [2733] Apache HTTP Server mod_rewrite Local Overflow
7160| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7161| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7162| [2149] Apache::Gallery Privilege Escalation
7163| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7164| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7165| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7166| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7167| [872] Apache Tomcat Multiple Default Accounts
7168| [862] Apache HTTP Server SSI Error Page XSS
7169| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7170| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7171| [845] Apache Tomcat MSDOS Device XSS
7172| [844] Apache Tomcat Java Servlet Error Page XSS
7173| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7174| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7175| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7176| [775] Apache mod_python Module Importing Privilege Function Execution
7177| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7178| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7179| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7180| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7181| [637] Apache HTTP Server UserDir Directive Username Enumeration
7182| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7183| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7184| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7185| [561] Apache Web Servers mod_status /server-status Information Disclosure
7186| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7187| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7188| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7189| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7190| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7191| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7192| [376] Apache Tomcat contextAdmin Arbitrary File Access
7193| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7194| [222] Apache HTTP Server test-cgi Arbitrary File Access
7195| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7196| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7197|_
7198Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
7199Device type: general purpose|storage-misc|firewall
7200Running (JUST GUESSING): Linux 2.6.X|3.X (90%), Synology DiskStation Manager 5.X (88%), WatchGuard Fireware 11.X (87%)
7201OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
7202Aggressive OS guesses: Linux 2.6.32 (90%), Linux 2.6.39 (90%), Linux 3.10 (89%), Linux 3.4 (89%), Linux 3.1 - 3.2 (89%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.32 or 3.10 (87%), WatchGuard Fireware 11.8 (87%), Linux 2.6.32 - 2.6.39 (85%)
7203No exact OS matches for host (test conditions non-ideal).
7204Uptime guess: 29.661 days (since Wed Nov 20 14:52:49 2019)
7205Network Distance: 28 hops
7206TCP Sequence Prediction: Difficulty=263 (Good luck!)
7207IP ID Sequence Generation: All zeros
7208
7209TRACEROUTE (using port 80/tcp)
7210HOP RTT ADDRESS
72111 609.52 ms 10.248.204.1
72122 609.58 ms salmondeal.com.0.116.160.in-addr.arpa (160.116.0.161)
72133 609.60 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
72144 609.63 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
72155 609.66 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
72166 609.74 ms ae55.edge3.London1.Level3.net (212.113.15.77)
72177 609.79 ms 4.68.72.90
72188 609.82 ms ae25-0.icr01.lon22.ntwk.msn.net (104.44.239.101)
72199 830.09 ms be-102-0.ibr01.lon22.ntwk.msn.net (104.44.21.89)
722010 609.82 ms 4.68.72.90
722111 879.62 ms be-100-0.ibr01.lon22.ntwk.msn.net (104.44.21.87)
722212 879.44 ms be-6-0.ibr01.gru30.ntwk.msn.net (104.44.19.171)
722313 879.50 ms be-4-0.ibr01.cpq20.ntwk.msn.net (104.44.16.202)
722414 879.47 ms be-4-0.ibr01.cpq20.ntwk.msn.net (104.44.16.202)
722515 879.45 ms be-6-0.ibr01.gru30.ntwk.msn.net (104.44.19.171)
722616 879.49 ms ae120-0.icr01.cpq02.ntwk.msn.net (104.44.22.58)
722717 ... 27
722828 737.06 ms 191.234.162.247
7229
7230NSE: Script Post-scanning.
7231Initiating NSE at 06:44
7232Completed NSE at 06:44, 0.00s elapsed
7233Initiating NSE at 06:44
7234Completed NSE at 06:44, 0.00s elapsed
7235#######################################################################################################################################
7236------------------------------------------------------------------------------------------------------------------------
7237
7238[ ! ] Starting SCANNER INURLBR 2.1 at [20-12-2019 06:45:27]
7239[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
7240It is the end user's responsibility to obey all applicable local, state and federal laws.
7241Developers assume no liability and are not responsible for any misuse or damage caused by this program
7242
7243[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.escueladesuboficiales.cl/output/inurlbr-www.escueladesuboficiales.cl ]
7244[ INFO ][ DORK ]::[ site:www.escueladesuboficiales.cl ]
7245[ INFO ][ SEARCHING ]:: {
7246[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.mx ]
7247
7248[ INFO ][ SEARCHING ]::
7249-[:::]
7250[ INFO ][ ENGINE ]::[ GOOGLE API ]
7251
7252[ INFO ][ SEARCHING ]::
7253-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7254[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.cl ID: 007843865286850066037:b0heuatvay8 ]
7255
7256[ INFO ][ SEARCHING ]::
7257-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7258
7259[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
7260
7261
7262 _[ - ]::--------------------------------------------------------------------------------------------------------------
7263|_[ + ] [ 0 / 100 ]-[06:45:58] [ - ]
7264|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/ ]
7265|_[ + ] Exploit::
7266|_[ + ] Information Server:: , , IP:191.234.162.247:443
7267|_[ + ] More details:: / - / , ISP:
7268|_[ + ] Found:: UNIDENTIFIED
7269
7270 _[ - ]::--------------------------------------------------------------------------------------------------------------
7271|_[ + ] [ 1 / 100 ]-[06:46:02] [ - ]
7272|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/banda.html ]
7273|_[ + ] Exploit::
7274|_[ + ] Information Server:: , , IP:191.234.162.247:443
7275|_[ + ] More details:: / - / , ISP:
7276|_[ + ] Found:: UNIDENTIFIED
7277
7278 _[ - ]::--------------------------------------------------------------------------------------------------------------
7279|_[ + ] [ 2 / 100 ]-[06:46:06] [ - ]
7280|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_09.html ]
7281|_[ + ] Exploit::
7282|_[ + ] Information Server:: , , IP:191.234.162.247:443
7283|_[ + ] More details:: / - / , ISP:
7284|_[ + ] Found:: UNIDENTIFIED
7285
7286 _[ - ]::--------------------------------------------------------------------------------------------------------------
7287|_[ + ] [ 3 / 100 ]-[06:46:09] [ - ]
7288|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_04_2019.html ]
7289|_[ + ] Exploit::
7290|_[ + ] Information Server:: , , IP:191.234.162.247:443
7291|_[ + ] More details:: / - / , ISP:
7292|_[ + ] Found:: UNIDENTIFIED
7293
7294 _[ - ]::--------------------------------------------------------------------------------------------------------------
7295|_[ + ] [ 4 / 100 ]-[06:46:12] [ - ]
7296|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/cprasa.html ]
7297|_[ + ] Exploit::
7298|_[ + ] Information Server:: , , IP:191.234.162.247:443
7299|_[ + ] More details:: / - / , ISP:
7300|_[ + ] Found:: UNIDENTIFIED
7301
7302 _[ - ]::--------------------------------------------------------------------------------------------------------------
7303|_[ + ] [ 5 / 100 ]-[06:46:16] [ - ]
7304|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/faq.html ]
7305|_[ + ] Exploit::
7306|_[ + ] Information Server:: , , IP:191.234.162.247:443
7307|_[ + ] More details:: / - / , ISP:
7308|_[ + ] Found:: UNIDENTIFIED
7309
7310 _[ - ]::--------------------------------------------------------------------------------------------------------------
7311|_[ + ] [ 6 / 100 ]-[06:46:20] [ - ]
7312|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_13.html ]
7313|_[ + ] Exploit::
7314|_[ + ] Information Server:: , , IP:191.234.162.247:443
7315|_[ + ] More details:: / - / , ISP:
7316|_[ + ] Found:: UNIDENTIFIED
7317
7318 _[ - ]::--------------------------------------------------------------------------------------------------------------
7319|_[ + ] [ 7 / 100 ]-[06:46:23] [ - ]
7320|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias.html ]
7321|_[ + ] Exploit::
7322|_[ + ] Information Server:: , , IP:191.234.162.247:443
7323|_[ + ] More details:: / - / , ISP:
7324|_[ + ] Found:: UNIDENTIFIED
7325
7326 _[ - ]::--------------------------------------------------------------------------------------------------------------
7327|_[ + ] [ 8 / 100 ]-[06:46:27] [ - ]
7328|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_02.html ]
7329|_[ + ] Exploit::
7330|_[ + ] Information Server:: , , IP:191.234.162.247:443
7331|_[ + ] More details:: / - / , ISP:
7332|_[ + ] Found:: UNIDENTIFIED
7333
7334 _[ - ]::--------------------------------------------------------------------------------------------------------------
7335|_[ + ] [ 9 / 100 ]-[06:46:31] [ - ]
7336|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/soltrop.html ]
7337|_[ + ] Exploit::
7338|_[ + ] Information Server:: , , IP:191.234.162.247:443
7339|_[ + ] More details:: / - / , ISP:
7340|_[ + ] Found:: UNIDENTIFIED
7341
7342 _[ - ]::--------------------------------------------------------------------------------------------------------------
7343|_[ + ] [ 10 / 100 ]-[06:46:35] [ - ]
7344|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_06.html ]
7345|_[ + ] Exploit::
7346|_[ + ] Information Server:: , , IP:191.234.162.247:443
7347|_[ + ] More details:: / - / , ISP:
7348|_[ + ] Found:: UNIDENTIFIED
7349
7350 _[ - ]::--------------------------------------------------------------------------------------------------------------
7351|_[ + ] [ 11 / 100 ]-[06:46:38] [ - ]
7352|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_03_2019.html ]
7353|_[ + ] Exploit::
7354|_[ + ] Information Server:: , , IP:191.234.162.247:443
7355|_[ + ] More details:: / - / , ISP:
7356|_[ + ] Found:: UNIDENTIFIED
7357
7358 _[ - ]::--------------------------------------------------------------------------------------------------------------
7359|_[ + ] [ 12 / 100 ]-[06:46:42] [ - ]
7360|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_20_2019.html ]
7361|_[ + ] Exploit::
7362|_[ + ] Information Server:: , , IP:191.234.162.247:443
7363|_[ + ] More details:: / - / , ISP:
7364|_[ + ] Found:: UNIDENTIFIED
7365
7366 _[ - ]::--------------------------------------------------------------------------------------------------------------
7367|_[ + ] [ 13 / 100 ]-[06:46:46] [ - ]
7368|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_20.html ]
7369|_[ + ] Exploit::
7370|_[ + ] Information Server:: , , IP:191.234.162.247:443
7371|_[ + ] More details:: / - / , ISP:
7372|_[ + ] Found:: UNIDENTIFIED
7373
7374 _[ - ]::--------------------------------------------------------------------------------------------------------------
7375|_[ + ] [ 14 / 100 ]-[06:46:50] [ - ]
7376|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/tecnico.html ]
7377|_[ + ] Exploit::
7378|_[ + ] Information Server:: , , IP:191.234.162.247:443
7379|_[ + ] More details:: / - / , ISP:
7380|_[ + ] Found:: UNIDENTIFIED
7381
7382 _[ - ]::--------------------------------------------------------------------------------------------------------------
7383|_[ + ] [ 15 / 100 ]-[06:46:53] [ - ]
7384|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/comun.html ]
7385|_[ + ] Exploit::
7386|_[ + ] Information Server:: , , IP:191.234.162.247:443
7387|_[ + ] More details:: / - / , ISP:
7388|_[ + ] Found:: UNIDENTIFIED
7389
7390 _[ - ]::--------------------------------------------------------------------------------------------------------------
7391|_[ + ] [ 16 / 100 ]-[06:46:57] [ - ]
7392|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_11_08.html ]
7393|_[ + ] Exploit::
7394|_[ + ] Information Server:: , , IP:191.234.162.247:443
7395|_[ + ] More details:: / - / , ISP:
7396|_[ + ] Found:: UNIDENTIFIED
7397
7398 _[ - ]::--------------------------------------------------------------------------------------------------------------
7399|_[ + ] [ 17 / 100 ]-[06:47:01] [ - ]
7400|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_05_2019.html ]
7401|_[ + ] Exploit::
7402|_[ + ] Information Server:: , , IP:191.234.162.247:443
7403|_[ + ] More details:: / - / , ISP:
7404|_[ + ] Found:: UNIDENTIFIED
7405
7406 _[ - ]::--------------------------------------------------------------------------------------------------------------
7407|_[ + ] [ 18 / 100 ]-[06:47:04] [ - ]
7408|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_06.html ]
7409|_[ + ] Exploit::
7410|_[ + ] Information Server:: , , IP:191.234.162.247:443
7411|_[ + ] More details:: / - / , ISP:
7412|_[ + ] Found:: UNIDENTIFIED
7413
7414 _[ - ]::--------------------------------------------------------------------------------------------------------------
7415|_[ + ] [ 19 / 100 ]-[06:47:08] [ - ]
7416|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_19.html ]
7417|_[ + ] Exploit::
7418|_[ + ] Information Server:: , , IP:191.234.162.247:443
7419|_[ + ] More details:: / - / , ISP:
7420|_[ + ] Found:: UNIDENTIFIED
7421
7422 _[ - ]::--------------------------------------------------------------------------------------------------------------
7423|_[ + ] [ 20 / 100 ]-[06:47:11] [ - ]
7424|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/of_enlace.html ]
7425|_[ + ] Exploit::
7426|_[ + ] Information Server:: , , IP:191.234.162.247:443
7427|_[ + ] More details:: / - / , ISP:
7428|_[ + ] Found:: UNIDENTIFIED
7429
7430 _[ - ]::--------------------------------------------------------------------------------------------------------------
7431|_[ + ] [ 21 / 100 ]-[06:47:14] [ - ]
7432|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_04_2019.html ]
7433|_[ + ] Exploit::
7434|_[ + ] Information Server:: , , IP:191.234.162.247:443
7435|_[ + ] More details:: / - / , ISP:
7436|_[ + ] Found:: UNIDENTIFIED
7437
7438 _[ - ]::--------------------------------------------------------------------------------------------------------------
7439|_[ + ] [ 22 / 100 ]-[06:47:18] [ - ]
7440|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_15_2019.html ]
7441|_[ + ] Exploit::
7442|_[ + ] Information Server:: , , IP:191.234.162.247:443
7443|_[ + ] More details:: / - / , ISP:
7444|_[ + ] Found:: UNIDENTIFIED
7445
7446 _[ - ]::--------------------------------------------------------------------------------------------------------------
7447|_[ + ] [ 23 / 100 ]-[06:47:22] [ - ]
7448|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_05.html ]
7449|_[ + ] Exploit::
7450|_[ + ] Information Server:: , , IP:191.234.162.247:443
7451|_[ + ] More details:: / - / , ISP:
7452|_[ + ] Found:: UNIDENTIFIED
7453
7454 _[ - ]::--------------------------------------------------------------------------------------------------------------
7455|_[ + ] [ 24 / 100 ]-[06:47:25] [ - ]
7456|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_01_12.html ]
7457|_[ + ] Exploit::
7458|_[ + ] Information Server:: , , IP:191.234.162.247:443
7459|_[ + ] More details:: / - / , ISP:
7460|_[ + ] Found:: UNIDENTIFIED
7461
7462 _[ - ]::--------------------------------------------------------------------------------------------------------------
7463|_[ + ] [ 25 / 100 ]-[06:47:29] [ - ]
7464|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_yatagan.html ]
7465|_[ + ] Exploit::
7466|_[ + ] Information Server:: , , IP:191.234.162.247:443
7467|_[ + ] More details:: / - / , ISP:
7468|_[ + ] Found:: UNIDENTIFIED
7469
7470 _[ - ]::--------------------------------------------------------------------------------------------------------------
7471|_[ + ] [ 26 / 100 ]-[06:47:33] [ - ]
7472|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_10.html ]
7473|_[ + ] Exploit::
7474|_[ + ] Information Server:: , , IP:191.234.162.247:443
7475|_[ + ] More details:: / - / , ISP:
7476|_[ + ] Found:: UNIDENTIFIED
7477
7478 _[ - ]::--------------------------------------------------------------------------------------------------------------
7479|_[ + ] [ 27 / 100 ]-[06:47:37] [ - ]
7480|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_13.html ]
7481|_[ + ] Exploit::
7482|_[ + ] Information Server:: , , IP:191.234.162.247:443
7483|_[ + ] More details:: / - / , ISP:
7484|_[ + ] Found:: UNIDENTIFIED
7485
7486 _[ - ]::--------------------------------------------------------------------------------------------------------------
7487|_[ + ] [ 28 / 100 ]-[06:47:41] [ - ]
7488|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_03.html ]
7489|_[ + ] Exploit::
7490|_[ + ] Information Server:: , , IP:191.234.162.247:443
7491|_[ + ] More details:: / - / , ISP:
7492|_[ + ] Found:: UNIDENTIFIED
7493
7494 _[ - ]::--------------------------------------------------------------------------------------------------------------
7495|_[ + ] [ 29 / 100 ]-[06:47:44] [ - ]
7496|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_27.html ]
7497|_[ + ] Exploit::
7498|_[ + ] Information Server:: , , IP:191.234.162.247:443
7499|_[ + ] More details:: / - / , ISP:
7500|_[ + ] Found:: UNIDENTIFIED
7501
7502 _[ - ]::--------------------------------------------------------------------------------------------------------------
7503|_[ + ] [ 30 / 100 ]-[06:47:47] [ - ]
7504|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_graduacion_sg2_banda.html ]
7505|_[ + ] Exploit::
7506|_[ + ] Information Server:: , , IP:191.234.162.247:443
7507|_[ + ] More details:: / - / , ISP:
7508|_[ + ] Found:: UNIDENTIFIED
7509
7510 _[ - ]::--------------------------------------------------------------------------------------------------------------
7511|_[ + ] [ 31 / 100 ]-[06:47:51] [ - ]
7512|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_26.html ]
7513|_[ + ] Exploit::
7514|_[ + ] Information Server:: , , IP:191.234.162.247:443
7515|_[ + ] More details:: / - / , ISP:
7516|_[ + ] Found:: UNIDENTIFIED
7517
7518 _[ - ]::--------------------------------------------------------------------------------------------------------------
7519|_[ + ] [ 32 / 100 ]-[06:47:55] [ - ]
7520|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_12.html ]
7521|_[ + ] Exploit::
7522|_[ + ] Information Server:: , , IP:191.234.162.247:443
7523|_[ + ] More details:: / - / , ISP:
7524|_[ + ] Found:: UNIDENTIFIED
7525
7526 _[ - ]::--------------------------------------------------------------------------------------------------------------
7527|_[ + ] [ 33 / 100 ]-[06:47:58] [ - ]
7528|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/historia.html ]
7529|_[ + ] Exploit::
7530|_[ + ] Information Server:: , , IP:191.234.162.247:443
7531|_[ + ] More details:: / - / , ISP:
7532|_[ + ] Found:: UNIDENTIFIED
7533
7534 _[ - ]::--------------------------------------------------------------------------------------------------------------
7535|_[ + ] [ 34 / 100 ]-[06:48:01] [ - ]
7536|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_05.html ]
7537|_[ + ] Exploit::
7538|_[ + ] Information Server:: , , IP:191.234.162.247:443
7539|_[ + ] More details:: / - / , ISP:
7540|_[ + ] Found:: UNIDENTIFIED
7541
7542 _[ - ]::--------------------------------------------------------------------------------------------------------------
7543|_[ + ] [ 35 / 100 ]-[06:48:04] [ - ]
7544|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/instruccion.html ]
7545|_[ + ] Exploit::
7546|_[ + ] Information Server:: , , IP:191.234.162.247:443
7547|_[ + ] More details:: / - / , ISP:
7548|_[ + ] Found:: UNIDENTIFIED
7549
7550 _[ - ]::--------------------------------------------------------------------------------------------------------------
7551|_[ + ] [ 36 / 100 ]-[06:48:08] [ - ]
7552|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_21.html ]
7553|_[ + ] Exploit::
7554|_[ + ] Information Server:: , , IP:191.234.162.247:443
7555|_[ + ] More details:: / - / , ISP:
7556|_[ + ] Found:: UNIDENTIFIED
7557
7558 _[ - ]::--------------------------------------------------------------------------------------------------------------
7559|_[ + ] [ 37 / 100 ]-[06:48:11] [ - ]
7560|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_01.html ]
7561|_[ + ] Exploit::
7562|_[ + ] Information Server:: , , IP:191.234.162.247:443
7563|_[ + ] More details:: / - / , ISP:
7564|_[ + ] Found:: UNIDENTIFIED
7565
7566 _[ - ]::--------------------------------------------------------------------------------------------------------------
7567|_[ + ] [ 38 / 100 ]-[06:48:15] [ - ]
7568|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/docencia.html ]
7569|_[ + ] Exploit::
7570|_[ + ] Information Server:: , , IP:191.234.162.247:443
7571|_[ + ] More details:: / - / , ISP:
7572|_[ + ] Found:: UNIDENTIFIED
7573
7574 _[ - ]::--------------------------------------------------------------------------------------------------------------
7575|_[ + ] [ 39 / 100 ]-[06:48:18] [ - ]
7576|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_alegoria_2019.html ]
7577|_[ + ] Exploit::
7578|_[ + ] Information Server:: , , IP:191.234.162.247:443
7579|_[ + ] More details:: / - / , ISP:
7580|_[ + ] Found:: UNIDENTIFIED
7581
7582 _[ - ]::--------------------------------------------------------------------------------------------------------------
7583|_[ + ] [ 40 / 100 ]-[06:48:21] [ - ]
7584|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_02.html ]
7585|_[ + ] Exploit::
7586|_[ + ] Information Server:: , , IP:191.234.162.247:443
7587|_[ + ] More details:: / - / , ISP:
7588|_[ + ] Found:: UNIDENTIFIED
7589
7590 _[ - ]::--------------------------------------------------------------------------------------------------------------
7591|_[ + ] [ 41 / 100 ]-[06:48:24] [ - ]
7592|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_03.html ]
7593|_[ + ] Exploit::
7594|_[ + ] Information Server:: , , IP:191.234.162.247:443
7595|_[ + ] More details:: / - / , ISP:
7596|_[ + ] Found:: UNIDENTIFIED
7597
7598 _[ - ]::--------------------------------------------------------------------------------------------------------------
7599|_[ + ] [ 42 / 100 ]-[06:48:27] [ - ]
7600|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_01.html ]
7601|_[ + ] Exploit::
7602|_[ + ] Information Server:: , , IP:191.234.162.247:443
7603|_[ + ] More details:: / - / , ISP:
7604|_[ + ] Found:: UNIDENTIFIED
7605
7606 _[ - ]::--------------------------------------------------------------------------------------------------------------
7607|_[ + ] [ 43 / 100 ]-[06:48:31] [ - ]
7608|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_16.html ]
7609|_[ + ] Exploit::
7610|_[ + ] Information Server:: , , IP:191.234.162.247:443
7611|_[ + ] More details:: / - / , ISP:
7612|_[ + ] Found:: UNIDENTIFIED
7613
7614 _[ - ]::--------------------------------------------------------------------------------------------------------------
7615|_[ + ] [ 44 / 100 ]-[06:48:35] [ - ]
7616|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_01.html ]
7617|_[ + ] Exploit::
7618|_[ + ] Information Server:: , , IP:191.234.162.247:443
7619|_[ + ] More details:: / - / , ISP:
7620|_[ + ] Found:: UNIDENTIFIED
7621
7622 _[ - ]::--------------------------------------------------------------------------------------------------------------
7623|_[ + ] [ 45 / 100 ]-[06:48:38] [ - ]
7624|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/deporte.html ]
7625|_[ + ] Exploit::
7626|_[ + ] Information Server:: , , IP:191.234.162.247:443
7627|_[ + ] More details:: / - / , ISP:
7628|_[ + ] Found:: UNIDENTIFIED
7629
7630 _[ - ]::--------------------------------------------------------------------------------------------------------------
7631|_[ + ] [ 46 / 100 ]-[06:48:42] [ - ]
7632|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_11_07.html ]
7633|_[ + ] Exploit::
7634|_[ + ] Information Server:: , , IP:191.234.162.247:443
7635|_[ + ] More details:: / - / , ISP:
7636|_[ + ] Found:: UNIDENTIFIED
7637
7638 _[ - ]::--------------------------------------------------------------------------------------------------------------
7639|_[ + ] [ 47 / 100 ]-[06:48:45] [ - ]
7640|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_10_05.html ]
7641|_[ + ] Exploit::
7642|_[ + ] Information Server:: , , IP:191.234.162.247:443
7643|_[ + ] More details:: / - / , ISP:
7644|_[ + ] Found:: UNIDENTIFIED
7645
7646 _[ - ]::--------------------------------------------------------------------------------------------------------------
7647|_[ + ] [ 48 / 100 ]-[06:48:48] [ - ]
7648|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/bandas.html ]
7649|_[ + ] Exploit::
7650|_[ + ] Information Server:: , , IP:191.234.162.247:443
7651|_[ + ] More details:: / - / , ISP:
7652|_[ + ] Found:: UNIDENTIFIED
7653
7654 _[ - ]::--------------------------------------------------------------------------------------------------------------
7655|_[ + ] [ 49 / 100 ]-[06:48:51] [ - ]
7656|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_08.html ]
7657|_[ + ] Exploit::
7658|_[ + ] Information Server:: , , IP:191.234.162.247:443
7659|_[ + ] More details:: / - / , ISP:
7660|_[ + ] Found:: UNIDENTIFIED
7661
7662 _[ - ]::--------------------------------------------------------------------------------------------------------------
7663|_[ + ] [ 50 / 100 ]-[06:48:54] [ - ]
7664|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_29.html ]
7665|_[ + ] Exploit::
7666|_[ + ] Information Server:: , , IP:191.234.162.247:443
7667|_[ + ] More details:: / - / , ISP:
7668|_[ + ] Found:: UNIDENTIFIED
7669
7670 _[ - ]::--------------------------------------------------------------------------------------------------------------
7671|_[ + ] [ 51 / 100 ]-[06:48:57] [ - ]
7672|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_12.html ]
7673|_[ + ] Exploit::
7674|_[ + ] Information Server:: , , IP:191.234.162.247:443
7675|_[ + ] More details:: / - / , ISP:
7676|_[ + ] Found:: UNIDENTIFIED
7677
7678 _[ - ]::--------------------------------------------------------------------------------------------------------------
7679|_[ + ] [ 52 / 100 ]-[06:49:01] [ - ]
7680|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/dragoneante.html ]
7681|_[ + ] Exploit::
7682|_[ + ] Information Server:: , , IP:191.234.162.247:443
7683|_[ + ] More details:: / - / , ISP:
7684|_[ + ] Found:: UNIDENTIFIED
7685
7686 _[ - ]::--------------------------------------------------------------------------------------------------------------
7687|_[ + ] [ 53 / 100 ]-[06:49:04] [ - ]
7688|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_01.html ]
7689|_[ + ] Exploit::
7690|_[ + ] Information Server:: , , IP:191.234.162.247:443
7691|_[ + ] More details:: / - / , ISP:
7692|_[ + ] Found:: UNIDENTIFIED
7693
7694 _[ - ]::--------------------------------------------------------------------------------------------------------------
7695|_[ + ] [ 54 / 100 ]-[06:49:07] [ - ]
7696|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/saludo.html ]
7697|_[ + ] Exploit::
7698|_[ + ] Information Server:: , , IP:191.234.162.247:443
7699|_[ + ] More details:: / - / , ISP:
7700|_[ + ] Found:: UNIDENTIFIED
7701
7702 _[ - ]::--------------------------------------------------------------------------------------------------------------
7703|_[ + ] [ 55 / 100 ]-[06:49:11] [ - ]
7704|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_01_18_2019.html ]
7705|_[ + ] Exploit::
7706|_[ + ] Information Server:: , , IP:191.234.162.247:443
7707|_[ + ] More details:: / - / , ISP:
7708|_[ + ] Found:: UNIDENTIFIED
7709
7710 _[ - ]::--------------------------------------------------------------------------------------------------------------
7711|_[ + ] [ 56 / 100 ]-[06:49:14] [ - ]
7712|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_dia_som.html ]
7713|_[ + ] Exploit::
7714|_[ + ] Information Server:: , , IP:191.234.162.247:443
7715|_[ + ] More details:: / - / , ISP:
7716|_[ + ] Found:: UNIDENTIFIED
7717
7718 _[ - ]::--------------------------------------------------------------------------------------------------------------
7719|_[ + ] [ 57 / 100 ]-[06:49:17] [ - ]
7720|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_07_30.html ]
7721|_[ + ] Exploit::
7722|_[ + ] Information Server:: , , IP:191.234.162.247:443
7723|_[ + ] More details:: / - / , ISP:
7724|_[ + ] Found:: UNIDENTIFIED
7725
7726 _[ - ]::--------------------------------------------------------------------------------------------------------------
7727|_[ + ] [ 58 / 100 ]-[06:49:20] [ - ]
7728|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_12.html ]
7729|_[ + ] Exploit::
7730|_[ + ] Information Server:: , , IP:191.234.162.247:443
7731|_[ + ] More details:: / - / , ISP:
7732|_[ + ] Found:: UNIDENTIFIED
7733
7734 _[ - ]::--------------------------------------------------------------------------------------------------------------
7735|_[ + ] [ 59 / 100 ]-[06:49:23] [ - ]
7736|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_07.html ]
7737|_[ + ] Exploit::
7738|_[ + ] Information Server:: , , IP:191.234.162.247:443
7739|_[ + ] More details:: / - / , ISP:
7740|_[ + ] Found:: UNIDENTIFIED
7741
7742 _[ - ]::--------------------------------------------------------------------------------------------------------------
7743|_[ + ] [ 60 / 100 ]-[06:49:25] [ - ]
7744|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_12.html ]
7745|_[ + ] Exploit::
7746|_[ + ] Information Server:: , , IP:191.234.162.247:443
7747|_[ + ] More details:: / - / , ISP:
7748|_[ + ] Found:: UNIDENTIFIED
7749
7750 _[ - ]::--------------------------------------------------------------------------------------------------------------
7751|_[ + ] [ 61 / 100 ]-[06:49:28] [ - ]
7752|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_01.html ]
7753|_[ + ] Exploit::
7754|_[ + ] Information Server:: , , IP:191.234.162.247:443
7755|_[ + ] More details:: / - / , ISP:
7756|_[ + ] Found:: UNIDENTIFIED
7757
7758 _[ - ]::--------------------------------------------------------------------------------------------------------------
7759|_[ + ] [ 62 / 100 ]-[06:49:32] [ - ]
7760|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_finaliza_inscripcion.html ]
7761|_[ + ] Exploit::
7762|_[ + ] Information Server:: , , IP:191.234.162.247:443
7763|_[ + ] More details:: / - / , ISP:
7764|_[ + ] Found:: UNIDENTIFIED
7765
7766 _[ - ]::--------------------------------------------------------------------------------------------------------------
7767|_[ + ] [ 63 / 100 ]-[06:49:35] [ - ]
7768|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_17.html ]
7769|_[ + ] Exploit::
7770|_[ + ] Information Server:: , , IP:191.234.162.247:443
7771|_[ + ] More details:: / - / , ISP:
7772|_[ + ] Found:: UNIDENTIFIED
7773
7774 _[ - ]::--------------------------------------------------------------------------------------------------------------
7775|_[ + ] [ 64 / 100 ]-[06:49:38] [ - ]
7776|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_03.html ]
7777|_[ + ] Exploit::
7778|_[ + ] Information Server:: , , IP:191.234.162.247:443
7779|_[ + ] More details:: / - / , ISP:
7780|_[ + ] Found:: UNIDENTIFIED
7781
7782 _[ - ]::--------------------------------------------------------------------------------------------------------------
7783|_[ + ] [ 65 / 100 ]-[06:49:42] [ - ]
7784|_[ + ] Target:: [ http://www.escueladesuboficiales.cl/pdf/TECNICOS/ ]
7785|_[ + ] Exploit::
7786|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Apache , IP:191.234.162.247:80
7787|_[ + ] More details:: / - / , ISP:
7788|_[ + ] Found:: UNIDENTIFIED
7789
7790 _[ - ]::--------------------------------------------------------------------------------------------------------------
7791|_[ + ] [ 66 / 100 ]-[06:49:45] [ - ]
7792|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/admision.html ]
7793|_[ + ] Exploit::
7794|_[ + ] Information Server:: , , IP:191.234.162.247:443
7795|_[ + ] More details:: / - / , ISP:
7796|_[ + ] Found:: UNIDENTIFIED
7797
7798 _[ - ]::--------------------------------------------------------------------------------------------------------------
7799|_[ + ] [ 67 / 100 ]-[06:49:49] [ - ]
7800|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/vision_mision.html ]
7801|_[ + ] Exploit::
7802|_[ + ] Information Server:: , , IP:191.234.162.247:443
7803|_[ + ] More details:: / - / , ISP:
7804|_[ + ] Found:: UNIDENTIFIED
7805
7806 _[ - ]::--------------------------------------------------------------------------------------------------------------
7807|_[ + ] [ 68 / 100 ]-[06:49:52] [ - ]
7808|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/contacto.html ]
7809|_[ + ] Exploit::
7810|_[ + ] Information Server:: , , IP:191.234.162.247:443
7811|_[ + ] More details:: / - / , ISP:
7812|_[ + ] Found:: UNIDENTIFIED
7813
7814 _[ - ]::--------------------------------------------------------------------------------------------------------------
7815|_[ + ] [ 69 / 100 ]-[06:49:55] [ - ]
7816|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/resultados.html ]
7817|_[ + ] Exploit::
7818|_[ + ] Information Server:: , , IP:191.234.162.247:443
7819|_[ + ] More details:: / - / , ISP:
7820|_[ + ] Found:: UNIDENTIFIED
7821
7822 _[ - ]::--------------------------------------------------------------------------------------------------------------
7823|_[ + ] [ 70 / 100 ]-[06:49:59] [ - ]
7824|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/mision_vision.html ]
7825|_[ + ] Exploit::
7826|_[ + ] Information Server:: , , IP:191.234.162.247:443
7827|_[ + ] More details:: / - / , ISP:
7828|_[ + ] Found:: UNIDENTIFIED
7829
7830 _[ - ]::--------------------------------------------------------------------------------------------------------------
7831|_[ + ] [ 71 / 100 ]-[06:50:03] [ - ]
7832|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/soltrop_damas_varones_med2.pdf ]
7833|_[ + ] Exploit::
7834|_[ + ] Information Server:: , , IP:191.234.162.247:443
7835|_[ + ] More details:: / - / , ISP:
7836|_[ + ] Found:: UNIDENTIFIED
7837
7838 _[ - ]::--------------------------------------------------------------------------------------------------------------
7839|_[ + ] [ 72 / 100 ]-[06:50:06] [ - ]
7840|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_tecnicos_2019.pdf ]
7841|_[ + ] Exploit::
7842|_[ + ] Information Server:: , , IP:191.234.162.247:443
7843|_[ + ] More details:: / - / , ISP:
7844|_[ + ] Found:: UNIDENTIFIED
7845
7846 _[ - ]::--------------------------------------------------------------------------------------------------------------
7847|_[ + ] [ 73 / 100 ]-[06:50:09] [ - ]
7848|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_sltp_2019.pdf ]
7849|_[ + ] Exploit::
7850|_[ + ] Information Server:: , , IP:191.234.162.247:443
7851|_[ + ] More details:: / - / , ISP:
7852|_[ + ] Found:: UNIDENTIFIED
7853
7854 _[ - ]::--------------------------------------------------------------------------------------------------------------
7855|_[ + ] [ 74 / 100 ]-[06:50:13] [ - ]
7856|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/el_dragoneante.html ]
7857|_[ + ] Exploit::
7858|_[ + ] Information Server:: , , IP:191.234.162.247:443
7859|_[ + ] More details:: / - / , ISP:
7860|_[ + ] Found:: UNIDENTIFIED
7861
7862 _[ - ]::--------------------------------------------------------------------------------------------------------------
7863|_[ + ] [ 75 / 100 ]-[06:50:16] [ - ]
7864|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario_2019_provincia_legal.pdf ]
7865|_[ + ] Exploit::
7866|_[ + ] Information Server:: , , IP:191.234.162.247:443
7867|_[ + ] More details:: / - / , ISP:
7868|_[ + ] Found:: UNIDENTIFIED
7869
7870 _[ - ]::--------------------------------------------------------------------------------------------------------------
7871|_[ + ] [ 76 / 100 ]-[06:50:20] [ - ]
7872|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_regular_2019.pdf ]
7873|_[ + ] Exploit::
7874|_[ + ] Information Server:: , , IP:191.234.162.247:443
7875|_[ + ] More details:: / - / , ISP:
7876|_[ + ] Found:: UNIDENTIFIED
7877
7878 _[ - ]::--------------------------------------------------------------------------------------------------------------
7879|_[ + ] [ 77 / 100 ]-[06:50:23] [ - ]
7880|_[ + ] Target:: [ http://www.escueladesuboficiales.cl/assets/hoja_respuestas_2017.pdf ]
7881|_[ + ] Exploit::
7882|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Apache , IP:191.234.162.247:80
7883|_[ + ] More details:: / - / , ISP:
7884|_[ + ] Found:: UNIDENTIFIED
7885
7886 _[ - ]::--------------------------------------------------------------------------------------------------------------
7887|_[ + ] [ 78 / 100 ]-[06:50:26] [ - ]
7888|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/regular2.pdf ]
7889|_[ + ] Exploit::
7890|_[ + ] Information Server:: , , IP:191.234.162.247:443
7891|_[ + ] More details:: / - / , ISP:
7892|_[ + ] Found:: UNIDENTIFIED
7893
7894 _[ - ]::--------------------------------------------------------------------------------------------------------------
7895|_[ + ] [ 79 / 100 ]-[06:50:29] [ - ]
7896|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/nuestra_escuela.html ]
7897|_[ + ] Exploit::
7898|_[ + ] Information Server:: , , IP:191.234.162.247:443
7899|_[ + ] More details:: / - / , ISP:
7900|_[ + ] Found:: UNIDENTIFIED
7901
7902 _[ - ]::--------------------------------------------------------------------------------------------------------------
7903|_[ + ] [ 80 / 100 ]-[06:50:33] [ - ]
7904|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/tecnicos_damas_varones_med2.pdf ]
7905|_[ + ] Exploit::
7906|_[ + ] Information Server:: , , IP:191.234.162.247:443
7907|_[ + ] More details:: / - / , ISP:
7908|_[ + ] Found:: UNIDENTIFIED
7909
7910 _[ - ]::--------------------------------------------------------------------------------------------------------------
7911|_[ + ] [ 81 / 100 ]-[06:50:36] [ - ]
7912|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_cprasa_2019.pdf ]
7913|_[ + ] Exploit::
7914|_[ + ] Information Server:: , , IP:191.234.162.247:443
7915|_[ + ] More details:: / - / , ISP:
7916|_[ + ] Found:: UNIDENTIFIED
7917
7918 _[ - ]::--------------------------------------------------------------------------------------------------------------
7919|_[ + ] [ 82 / 100 ]-[06:50:39] [ - ]
7920|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/mayordomo.html ]
7921|_[ + ] Exploit::
7922|_[ + ] Information Server:: , , IP:191.234.162.247:443
7923|_[ + ] More details:: / - / , ISP:
7924|_[ + ] Found:: UNIDENTIFIED
7925
7926 _[ - ]::--------------------------------------------------------------------------------------------------------------
7927|_[ + ] [ 83 / 100 ]-[06:50:42] [ - ]
7928|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario_2019_santiago_legal.pdf ]
7929|_[ + ] Exploit::
7930|_[ + ] Information Server:: , , IP:191.234.162.247:443
7931|_[ + ] More details:: / - / , ISP:
7932|_[ + ] Found:: UNIDENTIFIED
7933
7934 _[ - ]::--------------------------------------------------------------------------------------------------------------
7935|_[ + ] [ 84 / 100 ]-[06:50:46] [ - ]
7936|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_regular2.pdf ]
7937|_[ + ] Exploit::
7938|_[ + ] Information Server:: , , IP:191.234.162.247:443
7939|_[ + ] More details:: / - / , ISP:
7940|_[ + ] Found:: UNIDENTIFIED
7941
7942 _[ - ]::--------------------------------------------------------------------------------------------------------------
7943|_[ + ] [ 85 / 100 ]-[06:50:50] [ - ]
7944|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_cprasa.pdf ]
7945|_[ + ] Exploit::
7946|_[ + ] Information Server:: , , IP:191.234.162.247:443
7947|_[ + ] More details:: / - / , ISP:
7948|_[ + ] Found:: UNIDENTIFIED
7949
7950 _[ - ]::--------------------------------------------------------------------------------------------------------------
7951|_[ + ] [ 86 / 100 ]-[06:50:53] [ - ]
7952|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_tec.pdf ]
7953|_[ + ] Exploit::
7954|_[ + ] Information Server:: , , IP:191.234.162.247:443
7955|_[ + ] More details:: / - / , ISP:
7956|_[ + ] Found:: UNIDENTIFIED
7957
7958 _[ - ]::--------------------------------------------------------------------------------------------------------------
7959|_[ + ] [ 87 / 100 ]-[06:50:56] [ - ]
7960|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_soltrop.pdf ]
7961|_[ + ] Exploit::
7962|_[ + ] Information Server:: , , IP:191.234.162.247:443
7963|_[ + ] More details:: / - / , ISP:
7964|_[ + ] Found:: UNIDENTIFIED
7965
7966 _[ - ]::--------------------------------------------------------------------------------------------------------------
7967|_[ + ] [ 88 / 100 ]-[06:50:59] [ - ]
7968|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/biblioteca/patronimico.html ]
7969|_[ + ] Exploit::
7970|_[ + ] Information Server:: , , IP:191.234.162.247:443
7971|_[ + ] More details:: / - / , ISP:
7972|_[ + ] Found:: UNIDENTIFIED
7973
7974 _[ - ]::--------------------------------------------------------------------------------------------------------------
7975|_[ + ] [ 89 / 100 ]-[06:51:02] [ - ]
7976|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/cprasa_varones_y_damas2.pdf ]
7977|_[ + ] Exploit::
7978|_[ + ] Information Server:: , , IP:191.234.162.247:443
7979|_[ + ] More details:: / - / , ISP:
7980|_[ + ] Found:: UNIDENTIFIED
7981
7982 _[ - ]::--------------------------------------------------------------------------------------------------------------
7983|_[ + ] [ 90 / 100 ]-[06:51:05] [ - ]
7984|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/biblioteca/index.html ]
7985|_[ + ] Exploit::
7986|_[ + ] Information Server:: , , IP:191.234.162.247:443
7987|_[ + ] More details:: / - / , ISP:
7988|_[ + ] Found:: UNIDENTIFIED
7989
7990 _[ - ]::--------------------------------------------------------------------------------------------------------------
7991|_[ + ] [ 91 / 100 ]-[06:51:08] [ - ]
7992|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/fechas.html ]
7993|_[ + ] Exploit::
7994|_[ + ] Information Server:: , , IP:191.234.162.247:443
7995|_[ + ] More details:: / - / , ISP:
7996|_[ + ] Found:: UNIDENTIFIED
7997
7998 _[ - ]::--------------------------------------------------------------------------------------------------------------
7999|_[ + ] [ 92 / 100 ]-[06:51:11] [ - ]
8000|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario-regiones.pdf ]
8001|_[ + ] Exploit::
8002|_[ + ] Information Server:: , , IP:191.234.162.247:443
8003|_[ + ] More details:: / - / , ISP:
8004|_[ + ] Found:: UNIDENTIFIED
8005
8006 _[ - ]::--------------------------------------------------------------------------------------------------------------
8007|_[ + ] [ 93 / 100 ]-[06:51:13] [ - ]
8008|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/index.html ]
8009|_[ + ] Exploit::
8010|_[ + ] Information Server:: , , IP:191.234.162.247:443
8011|_[ + ] More details:: / - / , ISP:
8012|_[ + ] Found:: UNIDENTIFIED
8013
8014 _[ - ]::--------------------------------------------------------------------------------------------------------------
8015|_[ + ] [ 94 / 100 ]-[06:51:16] [ - ]
8016|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_05,-copias.html ]
8017|_[ + ] Exploit::
8018|_[ + ] Information Server:: , , IP:191.234.162.247:443
8019|_[ + ] More details:: / - / , ISP:
8020|_[ + ] Found:: UNIDENTIFIED
8021
8022 _[ - ]::--------------------------------------------------------------------------------------------------------------
8023|_[ + ] [ 95 / 100 ]-[06:51:20] [ - ]
8024|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_29,-copias.html ]
8025|_[ + ] Exploit::
8026|_[ + ] Information Server:: , , IP:191.234.162.247:443
8027|_[ + ] More details:: / - / , ISP:
8028|_[ + ] Found:: UNIDENTIFIED
8029
8030 _[ - ]::--------------------------------------------------------------------------------------------------------------
8031|_[ + ] [ 96 / 100 ]-[06:51:23] [ - ]
8032|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_10,-copias.html ]
8033|_[ + ] Exploit::
8034|_[ + ] Information Server:: , , IP:191.234.162.247:443
8035|_[ + ] More details:: / - / , ISP:
8036|_[ + ] Found:: UNIDENTIFIED
8037
8038 _[ - ]::--------------------------------------------------------------------------------------------------------------
8039|_[ + ] [ 97 / 100 ]-[06:51:27] [ - ]
8040|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_28_2019,-copias.html ]
8041|_[ + ] Exploit::
8042|_[ + ] Information Server:: , , IP:191.234.162.247:443
8043|_[ + ] More details:: / - / , ISP:
8044|_[ + ] Found:: UNIDENTIFIED
8045
8046 _[ - ]::--------------------------------------------------------------------------------------------------------------
8047|_[ + ] [ 98 / 100 ]-[06:51:30] [ - ]
8048|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_finaliza_inscripcion---copia.html ]
8049|_[ + ] Exploit::
8050|_[ + ] Information Server:: , , IP:191.234.162.247:443
8051|_[ + ] More details:: / - / , ISP:
8052|_[ + ] Found:: UNIDENTIFIED
8053
8054 _[ - ]::--------------------------------------------------------------------------------------------------------------
8055|_[ + ] [ 99 / 100 ]-[06:51:34] [ - ]
8056|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario-santiago-legal.pdf ]
8057|_[ + ] Exploit::
8058|_[ + ] Information Server:: , , IP:191.234.162.247:443
8059|_[ + ] More details:: / - / , ISP:
8060|_[ + ] Found:: UNIDENTIFIED
8061
8062[ INFO ] [ Shutting down ]
8063[ INFO ] [ End of process INURLBR at [20-12-2019 06:51:34]
8064[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
8065[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.escueladesuboficiales.cl/output/inurlbr-www.escueladesuboficiales.cl ]
8066|_________________________________________________________________________________________
8067
8068\_________________________________________________________________________________________/
8069#######################################################################################################################################
8070-www.escueladesuboficiales.cl-port443: Aucun fichier ou dossier de ce type
8071Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-20 06:51 EST
8072NSE: Loaded 163 scripts for scanning.
8073NSE: Script Pre-scanning.
8074Initiating NSE at 06:51
8075Completed NSE at 06:51, 0.00s elapsed
8076Initiating NSE at 06:51
8077Completed NSE at 06:51, 0.00s elapsed
8078Initiating Parallel DNS resolution of 1 host. at 06:51
8079Completed Parallel DNS resolution of 1 host. at 06:51, 0.05s elapsed
8080Initiating SYN Stealth Scan at 06:51
8081Scanning www.escueladesuboficiales.cl (191.234.162.247) [1 port]
8082Discovered open port 443/tcp on 191.234.162.247
8083Completed SYN Stealth Scan at 06:51, 0.48s elapsed (1 total ports)
8084Initiating Service scan at 06:51
8085Scanning 1 service on www.escueladesuboficiales.cl (191.234.162.247)
8086Completed Service scan at 06:52, 15.02s elapsed (1 service on 1 host)
8087Initiating OS detection (try #1) against www.escueladesuboficiales.cl (191.234.162.247)
8088Retrying OS detection (try #2) against www.escueladesuboficiales.cl (191.234.162.247)
8089Initiating Traceroute at 06:52
8090Completed Traceroute at 06:52, 4.04s elapsed
8091Initiating Parallel DNS resolution of 16 hosts. at 06:52
8092Completed Parallel DNS resolution of 16 hosts. at 06:52, 1.17s elapsed
8093NSE: Script scanning 191.234.162.247.
8094Initiating NSE at 06:52
8095Completed NSE at 07:00, 486.26s elapsed
8096Initiating NSE at 07:00
8097Completed NSE at 07:00, 5.96s elapsed
8098Nmap scan report for www.escueladesuboficiales.cl (191.234.162.247)
8099Host is up (0.55s latency).
8100
8101PORT STATE SERVICE VERSION
8102443/tcp open ssl/https?
8103|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
8104| http-brute:
8105|_ Path "/" does not require authentication
8106|_http-chrono: Request times for /; avg: 10030.75ms; min: 9885.51ms; max: 10210.53ms
8107|_http-csrf: Couldn't find any CSRF vulnerabilities.
8108|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
8109|_http-dombased-xss: Couldn't find any DOM based XSS.
8110|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
8111|_http-errors: ERROR: Script execution failed (use -d to debug)
8112|_http-feed: Couldn't find any feeds.
8113|_http-fetch: Please enter the complete path of the directory to save data in.
8114|_http-jsonp-detection: Couldn't find any JSONP endpoints.
8115|_http-mobileversion-checker: No mobile version detected.
8116| http-security-headers:
8117| Strict_Transport_Security:
8118|_ HSTS not configured in HTTPS Server
8119| http-sitemap-generator:
8120| Directory structure:
8121| Longest directory structure:
8122| Depth: 0
8123| Dir: /
8124| Total files found (by extension):
8125|_
8126|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
8127| http-vhosts:
8128|_127 names had status ERROR
8129|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
8130|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
8131|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
8132|_http-xssed: No previously reported XSS vuln.
8133Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
8134Device type: general purpose|firewall|storage-misc
8135Running (JUST GUESSING): Linux 2.6.X|3.X (89%), WatchGuard Fireware 11.X (89%), Synology DiskStation Manager 5.X (88%)
8136OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
8137Aggressive OS guesses: Linux 2.6.32 (89%), Linux 2.6.32 or 3.10 (89%), WatchGuard Fireware 11.8 (89%), Synology DiskStation Manager 5.1 (88%), Linux 2.6.39 (87%), Linux 3.10 (87%), Linux 3.1 - 3.2 (87%), Linux 3.4 (86%), Linux 2.6.32 - 2.6.39 (85%)
8138No exact OS matches for host (test conditions non-ideal).
8139Uptime guess: 29.672 days (since Wed Nov 20 14:53:00 2019)
8140Network Distance: 28 hops
8141TCP Sequence Prediction: Difficulty=255 (Good luck!)
8142IP ID Sequence Generation: All zeros
8143
8144TRACEROUTE (using port 443/tcp)
8145HOP RTT ADDRESS
81461 388.77 ms 10.248.204.1
81472 388.87 ms salmondeal.com.0.116.160.in-addr.arpa (160.116.0.161)
81483 388.83 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
81494 388.87 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
81505 549.12 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
81516 388.87 ms bzq-179-124-86.cust.bezeqint.net (212.179.124.86)
81527 388.95 ms bzq-219-189-10.dsl.bezeqint.net (62.219.189.10)
81538 388.94 ms ae55.edge3.London1.Level3.net (212.113.15.77)
81549 388.99 ms ae55.edge3.London1.Level3.net (212.113.15.77)
815510 220.19 ms ae25-0.icr02.lon22.ntwk.msn.net (104.44.239.103)
815611 493.01 ms be-100-0.ibr01.lon22.ntwk.msn.net (104.44.21.87)
815712 635.93 ms be-100-0.ibr01.lon22.ntwk.msn.net (104.44.21.87)
815813 635.93 ms be-6-0.ibr02.gru30.ntwk.msn.net (104.44.19.169)
815914 635.96 ms be-3-0.ibr02.ewr30.ntwk.msn.net (104.44.7.105)
816015 477.93 ms ae100-0.icr01.cpq20.ntwk.msn.net (104.44.22.70)
816116 635.90 ms ae120-0.icr01.cpq02.ntwk.msn.net (104.44.22.58)
816217 477.94 ms ae102-0.icr02.cpq20.ntwk.msn.net (104.44.22.72)
816318 ... 27
816428 521.07 ms 191.234.162.247
8165
8166NSE: Script Post-scanning.
8167Initiating NSE at 07:00
8168Completed NSE at 07:00, 0.00s elapsed
8169Initiating NSE at 07:00
8170Completed NSE at 07:00, 0.00s elapsed
8171#######################################################################################################################################
8172Version: 1.11.13-static
8173OpenSSL 1.0.2-chacha (1.0.2g-dev)
8174
8175Connected to 191.234.162.247
8176
8177Testing SSL server www.escueladesuboficiales.cl on port 443 using SNI name www.escueladesuboficiales.cl
8178
8179 TLS Fallback SCSV:
8180Server supports TLS Fallback SCSV
8181
8182 TLS renegotiation:
8183Secure session renegotiation supported
8184
8185 TLS Compression:
8186Compression disabled
8187
8188 Heartbleed:
8189TLS 1.2 not vulnerable to heartbleed
8190TLS 1.1 not vulnerable to heartbleed
8191TLS 1.0 not vulnerable to heartbleed
8192
8193 Supported Server Cipher(s):
8194Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
8195Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
8196Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
8197Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
8198Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
8199Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
8200Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
8201Accepted TLSv1.2 256 bits AES256-GCM-SHA384
8202Accepted TLSv1.2 256 bits AES256-SHA256
8203Accepted TLSv1.2 256 bits AES256-SHA
8204Accepted TLSv1.2 256 bits CAMELLIA256-SHA
8205Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
8206Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
8207Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
8208Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
8209Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
8210Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
8211Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
8212Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
8213Accepted TLSv1.2 128 bits AES128-GCM-SHA256
8214Accepted TLSv1.2 128 bits AES128-SHA256
8215Accepted TLSv1.2 128 bits AES128-SHA
8216Accepted TLSv1.2 128 bits SEED-SHA
8217Accepted TLSv1.2 128 bits CAMELLIA128-SHA
8218Accepted TLSv1.2 128 bits IDEA-CBC-SHA
8219Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
8220Accepted TLSv1.2 128 bits RC4-SHA
8221Accepted TLSv1.2 128 bits RC4-MD5
8222Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
8223Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
8224Accepted TLSv1.2 112 bits DES-CBC3-SHA
8225Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
8226Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
8227Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
8228Accepted TLSv1.1 256 bits AES256-SHA
8229Accepted TLSv1.1 256 bits CAMELLIA256-SHA
8230Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
8231Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
8232Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
8233Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
8234Accepted TLSv1.1 128 bits AES128-SHA
8235Accepted TLSv1.1 128 bits SEED-SHA
8236Accepted TLSv1.1 128 bits CAMELLIA128-SHA
8237Accepted TLSv1.1 128 bits IDEA-CBC-SHA
8238Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
8239Accepted TLSv1.1 128 bits RC4-SHA
8240Accepted TLSv1.1 128 bits RC4-MD5
8241Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
8242Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
8243Accepted TLSv1.1 112 bits DES-CBC3-SHA
8244Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
8245Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
8246Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
8247Accepted TLSv1.0 256 bits AES256-SHA
8248Accepted TLSv1.0 256 bits CAMELLIA256-SHA
8249Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
8250Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
8251Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
8252Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
8253Accepted TLSv1.0 128 bits AES128-SHA
8254Accepted TLSv1.0 128 bits SEED-SHA
8255Accepted TLSv1.0 128 bits CAMELLIA128-SHA
8256Accepted TLSv1.0 128 bits IDEA-CBC-SHA
8257Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
8258Accepted TLSv1.0 128 bits RC4-SHA
8259Accepted TLSv1.0 128 bits RC4-MD5
8260Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
8261Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
8262Accepted TLSv1.0 112 bits DES-CBC3-SHA
8263Preferred SSLv3 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
8264Accepted SSLv3 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
8265Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
8266Accepted SSLv3 256 bits AES256-SHA
8267Accepted SSLv3 256 bits CAMELLIA256-SHA
8268Accepted SSLv3 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
8269Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
8270Accepted SSLv3 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
8271Accepted SSLv3 128 bits AES128-SHA
8272Accepted SSLv3 128 bits CAMELLIA128-SHA
8273Accepted SSLv3 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
8274Accepted SSLv3 128 bits RC4-SHA
8275Accepted SSLv3 128 bits RC4-MD5
8276Accepted SSLv3 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
8277Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
8278Accepted SSLv3 112 bits DES-CBC3-SHA
8279
8280 SSL Certificate:
8281Signature Algorithm: sha256WithRSAEncryption
8282RSA Key Strength: 2048
8283
8284Subject: www.escueladesuboficiales.cl
8285Altnames: DNS:www.escueladesuboficiales.cl, DNS:escueladesuboficiales.cl, DNS:admision.escueladesuboficiales.cl, DNS:www.cesim.cl, DNS:portal.escueladesuboficiales.cl
8286Issuer: Go Daddy Secure Certificate Authority - G2
8287
8288Not valid before: Jun 21 00:09:29 2019 GMT
8289Not valid after: Jan 12 02:34:00 2020 GMT
8290#######################################################################################################################################
8291------------------------------------------------------------------------------------------------------------------------
8292
8293[ ! ] Starting SCANNER INURLBR 2.1 at [20-12-2019 07:04:28]
8294[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
8295It is the end user's responsibility to obey all applicable local, state and federal laws.
8296Developers assume no liability and are not responsible for any misuse or damage caused by this program
8297
8298[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.escueladesuboficiales.cl/output/inurlbr-www.escueladesuboficiales.cl ]
8299[ INFO ][ DORK ]::[ site:www.escueladesuboficiales.cl ]
8300[ INFO ][ SEARCHING ]:: {
8301[ INFO ][ ENGINE ]::[ GOOGLE - www.google.me ]
8302
8303[ INFO ][ SEARCHING ]::
8304-[:::]
8305[ INFO ][ ENGINE ]::[ GOOGLE API ]
8306
8307[ INFO ][ SEARCHING ]::
8308-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
8309[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.mg ID: 012984904789461885316:oy3-mu17hxk ]
8310
8311[ INFO ][ SEARCHING ]::
8312-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
8313
8314[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
8315
8316
8317 _[ - ]::--------------------------------------------------------------------------------------------------------------
8318|_[ + ] [ 0 / 100 ]-[07:04:54] [ - ]
8319|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/ ]
8320|_[ + ] Exploit::
8321|_[ + ] Information Server:: , , IP:191.234.162.247:443
8322|_[ + ] More details:: / - / , ISP:
8323|_[ + ] Found:: UNIDENTIFIED
8324
8325 _[ - ]::--------------------------------------------------------------------------------------------------------------
8326|_[ + ] [ 1 / 100 ]-[07:04:57] [ - ]
8327|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/banda.html ]
8328|_[ + ] Exploit::
8329|_[ + ] Information Server:: , , IP:191.234.162.247:443
8330|_[ + ] More details:: / - / , ISP:
8331|_[ + ] Found:: UNIDENTIFIED
8332
8333 _[ - ]::--------------------------------------------------------------------------------------------------------------
8334|_[ + ] [ 2 / 100 ]-[07:05:00] [ - ]
8335|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_09.html ]
8336|_[ + ] Exploit::
8337|_[ + ] Information Server:: , , IP:191.234.162.247:443
8338|_[ + ] More details:: / - / , ISP:
8339|_[ + ] Found:: UNIDENTIFIED
8340
8341 _[ - ]::--------------------------------------------------------------------------------------------------------------
8342|_[ + ] [ 3 / 100 ]-[07:05:03] [ - ]
8343|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_04_2019.html ]
8344|_[ + ] Exploit::
8345|_[ + ] Information Server:: , , IP:191.234.162.247:443
8346|_[ + ] More details:: / - / , ISP:
8347|_[ + ] Found:: UNIDENTIFIED
8348
8349 _[ - ]::--------------------------------------------------------------------------------------------------------------
8350|_[ + ] [ 4 / 100 ]-[07:05:06] [ - ]
8351|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/cprasa.html ]
8352|_[ + ] Exploit::
8353|_[ + ] Information Server:: , , IP:191.234.162.247:443
8354|_[ + ] More details:: / - / , ISP:
8355|_[ + ] Found:: UNIDENTIFIED
8356
8357 _[ - ]::--------------------------------------------------------------------------------------------------------------
8358|_[ + ] [ 5 / 100 ]-[07:05:09] [ - ]
8359|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/faq.html ]
8360|_[ + ] Exploit::
8361|_[ + ] Information Server:: , , IP:191.234.162.247:443
8362|_[ + ] More details:: / - / , ISP:
8363|_[ + ] Found:: UNIDENTIFIED
8364
8365 _[ - ]::--------------------------------------------------------------------------------------------------------------
8366|_[ + ] [ 6 / 100 ]-[07:05:12] [ - ]
8367|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_13.html ]
8368|_[ + ] Exploit::
8369|_[ + ] Information Server:: , , IP:191.234.162.247:443
8370|_[ + ] More details:: / - / , ISP:
8371|_[ + ] Found:: UNIDENTIFIED
8372
8373 _[ - ]::--------------------------------------------------------------------------------------------------------------
8374|_[ + ] [ 7 / 100 ]-[07:05:15] [ - ]
8375|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias.html ]
8376|_[ + ] Exploit::
8377|_[ + ] Information Server:: , , IP:191.234.162.247:443
8378|_[ + ] More details:: / - / , ISP:
8379|_[ + ] Found:: UNIDENTIFIED
8380
8381 _[ - ]::--------------------------------------------------------------------------------------------------------------
8382|_[ + ] [ 8 / 100 ]-[07:05:18] [ - ]
8383|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_02.html ]
8384|_[ + ] Exploit::
8385|_[ + ] Information Server:: , , IP:191.234.162.247:443
8386|_[ + ] More details:: / - / , ISP:
8387|_[ + ] Found:: UNIDENTIFIED
8388
8389 _[ - ]::--------------------------------------------------------------------------------------------------------------
8390|_[ + ] [ 9 / 100 ]-[07:05:21] [ - ]
8391|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/soltrop.html ]
8392|_[ + ] Exploit::
8393|_[ + ] Information Server:: , , IP:191.234.162.247:443
8394|_[ + ] More details:: / - / , ISP:
8395|_[ + ] Found:: UNIDENTIFIED
8396
8397 _[ - ]::--------------------------------------------------------------------------------------------------------------
8398|_[ + ] [ 10 / 100 ]-[07:05:24] [ - ]
8399|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_06.html ]
8400|_[ + ] Exploit::
8401|_[ + ] Information Server:: , , IP:191.234.162.247:443
8402|_[ + ] More details:: / - / , ISP:
8403|_[ + ] Found:: UNIDENTIFIED
8404
8405 _[ - ]::--------------------------------------------------------------------------------------------------------------
8406|_[ + ] [ 11 / 100 ]-[07:05:27] [ - ]
8407|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_03_2019.html ]
8408|_[ + ] Exploit::
8409|_[ + ] Information Server:: , , IP:191.234.162.247:443
8410|_[ + ] More details:: / - / , ISP:
8411|_[ + ] Found:: UNIDENTIFIED
8412
8413 _[ - ]::--------------------------------------------------------------------------------------------------------------
8414|_[ + ] [ 12 / 100 ]-[07:05:31] [ - ]
8415|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_20_2019.html ]
8416|_[ + ] Exploit::
8417|_[ + ] Information Server:: , , IP:191.234.162.247:443
8418|_[ + ] More details:: / - / , ISP:
8419|_[ + ] Found:: UNIDENTIFIED
8420
8421 _[ - ]::--------------------------------------------------------------------------------------------------------------
8422|_[ + ] [ 13 / 100 ]-[07:05:34] [ - ]
8423|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_20.html ]
8424|_[ + ] Exploit::
8425|_[ + ] Information Server:: , , IP:191.234.162.247:443
8426|_[ + ] More details:: / - / , ISP:
8427|_[ + ] Found:: UNIDENTIFIED
8428
8429 _[ - ]::--------------------------------------------------------------------------------------------------------------
8430|_[ + ] [ 14 / 100 ]-[07:05:37] [ - ]
8431|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/tecnico.html ]
8432|_[ + ] Exploit::
8433|_[ + ] Information Server:: , , IP:191.234.162.247:443
8434|_[ + ] More details:: / - / , ISP:
8435|_[ + ] Found:: UNIDENTIFIED
8436
8437 _[ - ]::--------------------------------------------------------------------------------------------------------------
8438|_[ + ] [ 15 / 100 ]-[07:05:40] [ - ]
8439|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/comun.html ]
8440|_[ + ] Exploit::
8441|_[ + ] Information Server:: , , IP:191.234.162.247:443
8442|_[ + ] More details:: / - / , ISP:
8443|_[ + ] Found:: UNIDENTIFIED
8444
8445 _[ - ]::--------------------------------------------------------------------------------------------------------------
8446|_[ + ] [ 16 / 100 ]-[07:05:43] [ - ]
8447|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_11_08.html ]
8448|_[ + ] Exploit::
8449|_[ + ] Information Server:: , , IP:191.234.162.247:443
8450|_[ + ] More details:: / - / , ISP:
8451|_[ + ] Found:: UNIDENTIFIED
8452
8453 _[ - ]::--------------------------------------------------------------------------------------------------------------
8454|_[ + ] [ 17 / 100 ]-[07:05:46] [ - ]
8455|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_05_2019.html ]
8456|_[ + ] Exploit::
8457|_[ + ] Information Server:: , , IP:191.234.162.247:443
8458|_[ + ] More details:: / - / , ISP:
8459|_[ + ] Found:: UNIDENTIFIED
8460
8461 _[ - ]::--------------------------------------------------------------------------------------------------------------
8462|_[ + ] [ 18 / 100 ]-[07:05:49] [ - ]
8463|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_06.html ]
8464|_[ + ] Exploit::
8465|_[ + ] Information Server:: , , IP:191.234.162.247:443
8466|_[ + ] More details:: / - / , ISP:
8467|_[ + ] Found:: UNIDENTIFIED
8468
8469 _[ - ]::--------------------------------------------------------------------------------------------------------------
8470|_[ + ] [ 19 / 100 ]-[07:05:52] [ - ]
8471|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_19.html ]
8472|_[ + ] Exploit::
8473|_[ + ] Information Server:: , , IP:191.234.162.247:443
8474|_[ + ] More details:: / - / , ISP:
8475|_[ + ] Found:: UNIDENTIFIED
8476
8477 _[ - ]::--------------------------------------------------------------------------------------------------------------
8478|_[ + ] [ 20 / 100 ]-[07:05:55] [ - ]
8479|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/of_enlace.html ]
8480|_[ + ] Exploit::
8481|_[ + ] Information Server:: , , IP:191.234.162.247:443
8482|_[ + ] More details:: / - / , ISP:
8483|_[ + ] Found:: UNIDENTIFIED
8484
8485 _[ - ]::--------------------------------------------------------------------------------------------------------------
8486|_[ + ] [ 21 / 100 ]-[07:05:59] [ - ]
8487|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_04_2019.html ]
8488|_[ + ] Exploit::
8489|_[ + ] Information Server:: , , IP:191.234.162.247:443
8490|_[ + ] More details:: / - / , ISP:
8491|_[ + ] Found:: UNIDENTIFIED
8492
8493 _[ - ]::--------------------------------------------------------------------------------------------------------------
8494|_[ + ] [ 22 / 100 ]-[07:06:01] [ - ]
8495|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_15_2019.html ]
8496|_[ + ] Exploit::
8497|_[ + ] Information Server:: , , IP:191.234.162.247:443
8498|_[ + ] More details:: / - / , ISP:
8499|_[ + ] Found:: UNIDENTIFIED
8500
8501 _[ - ]::--------------------------------------------------------------------------------------------------------------
8502|_[ + ] [ 23 / 100 ]-[07:06:05] [ - ]
8503|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_05.html ]
8504|_[ + ] Exploit::
8505|_[ + ] Information Server:: , , IP:191.234.162.247:443
8506|_[ + ] More details:: / - / , ISP:
8507|_[ + ] Found:: UNIDENTIFIED
8508
8509 _[ - ]::--------------------------------------------------------------------------------------------------------------
8510|_[ + ] [ 24 / 100 ]-[07:06:08] [ - ]
8511|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_01_12.html ]
8512|_[ + ] Exploit::
8513|_[ + ] Information Server:: , , IP:191.234.162.247:443
8514|_[ + ] More details:: / - / , ISP:
8515|_[ + ] Found:: UNIDENTIFIED
8516
8517 _[ - ]::--------------------------------------------------------------------------------------------------------------
8518|_[ + ] [ 25 / 100 ]-[07:06:10] [ - ]
8519|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_yatagan.html ]
8520|_[ + ] Exploit::
8521|_[ + ] Information Server:: , , IP:191.234.162.247:443
8522|_[ + ] More details:: / - / , ISP:
8523|_[ + ] Found:: UNIDENTIFIED
8524
8525 _[ - ]::--------------------------------------------------------------------------------------------------------------
8526|_[ + ] [ 26 / 100 ]-[07:06:13] [ - ]
8527|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_10.html ]
8528|_[ + ] Exploit::
8529|_[ + ] Information Server:: , , IP:191.234.162.247:443
8530|_[ + ] More details:: / - / , ISP:
8531|_[ + ] Found:: UNIDENTIFIED
8532
8533 _[ - ]::--------------------------------------------------------------------------------------------------------------
8534|_[ + ] [ 27 / 100 ]-[07:06:16] [ - ]
8535|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_13.html ]
8536|_[ + ] Exploit::
8537|_[ + ] Information Server:: , , IP:191.234.162.247:443
8538|_[ + ] More details:: / - / , ISP:
8539|_[ + ] Found:: UNIDENTIFIED
8540
8541 _[ - ]::--------------------------------------------------------------------------------------------------------------
8542|_[ + ] [ 28 / 100 ]-[07:06:19] [ - ]
8543|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_03.html ]
8544|_[ + ] Exploit::
8545|_[ + ] Information Server:: , , IP:191.234.162.247:443
8546|_[ + ] More details:: / - / , ISP:
8547|_[ + ] Found:: UNIDENTIFIED
8548
8549 _[ - ]::--------------------------------------------------------------------------------------------------------------
8550|_[ + ] [ 29 / 100 ]-[07:06:22] [ - ]
8551|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_27.html ]
8552|_[ + ] Exploit::
8553|_[ + ] Information Server:: , , IP:191.234.162.247:443
8554|_[ + ] More details:: / - / , ISP:
8555|_[ + ] Found:: UNIDENTIFIED
8556
8557 _[ - ]::--------------------------------------------------------------------------------------------------------------
8558|_[ + ] [ 30 / 100 ]-[07:06:25] [ - ]
8559|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_graduacion_sg2_banda.html ]
8560|_[ + ] Exploit::
8561|_[ + ] Information Server:: , , IP:191.234.162.247:443
8562|_[ + ] More details:: / - / , ISP:
8563|_[ + ] Found:: UNIDENTIFIED
8564
8565 _[ - ]::--------------------------------------------------------------------------------------------------------------
8566|_[ + ] [ 31 / 100 ]-[07:06:28] [ - ]
8567|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_26.html ]
8568|_[ + ] Exploit::
8569|_[ + ] Information Server:: , , IP:191.234.162.247:443
8570|_[ + ] More details:: / - / , ISP:
8571|_[ + ] Found:: UNIDENTIFIED
8572
8573 _[ - ]::--------------------------------------------------------------------------------------------------------------
8574|_[ + ] [ 32 / 100 ]-[07:06:31] [ - ]
8575|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_12.html ]
8576|_[ + ] Exploit::
8577|_[ + ] Information Server:: , , IP:191.234.162.247:443
8578|_[ + ] More details:: / - / , ISP:
8579|_[ + ] Found:: UNIDENTIFIED
8580
8581 _[ - ]::--------------------------------------------------------------------------------------------------------------
8582|_[ + ] [ 33 / 100 ]-[07:06:33] [ - ]
8583|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/historia.html ]
8584|_[ + ] Exploit::
8585|_[ + ] Information Server:: , , IP:191.234.162.247:443
8586|_[ + ] More details:: / - / , ISP:
8587|_[ + ] Found:: UNIDENTIFIED
8588
8589 _[ - ]::--------------------------------------------------------------------------------------------------------------
8590|_[ + ] [ 34 / 100 ]-[07:06:36] [ - ]
8591|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_05.html ]
8592|_[ + ] Exploit::
8593|_[ + ] Information Server:: , , IP:191.234.162.247:443
8594|_[ + ] More details:: / - / , ISP:
8595|_[ + ] Found:: UNIDENTIFIED
8596
8597 _[ - ]::--------------------------------------------------------------------------------------------------------------
8598|_[ + ] [ 35 / 100 ]-[07:06:39] [ - ]
8599|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/instruccion.html ]
8600|_[ + ] Exploit::
8601|_[ + ] Information Server:: , , IP:191.234.162.247:443
8602|_[ + ] More details:: / - / , ISP:
8603|_[ + ] Found:: UNIDENTIFIED
8604
8605 _[ - ]::--------------------------------------------------------------------------------------------------------------
8606|_[ + ] [ 36 / 100 ]-[07:06:42] [ - ]
8607|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_21.html ]
8608|_[ + ] Exploit::
8609|_[ + ] Information Server:: , , IP:191.234.162.247:443
8610|_[ + ] More details:: / - / , ISP:
8611|_[ + ] Found:: UNIDENTIFIED
8612
8613 _[ - ]::--------------------------------------------------------------------------------------------------------------
8614|_[ + ] [ 37 / 100 ]-[07:06:45] [ - ]
8615|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_01.html ]
8616|_[ + ] Exploit::
8617|_[ + ] Information Server:: , , IP:191.234.162.247:443
8618|_[ + ] More details:: / - / , ISP:
8619|_[ + ] Found:: UNIDENTIFIED
8620
8621 _[ - ]::--------------------------------------------------------------------------------------------------------------
8622|_[ + ] [ 38 / 100 ]-[07:06:47] [ - ]
8623|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/docencia.html ]
8624|_[ + ] Exploit::
8625|_[ + ] Information Server:: , , IP:191.234.162.247:443
8626|_[ + ] More details:: / - / , ISP:
8627|_[ + ] Found:: UNIDENTIFIED
8628
8629 _[ - ]::--------------------------------------------------------------------------------------------------------------
8630|_[ + ] [ 39 / 100 ]-[07:06:50] [ - ]
8631|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_alegoria_2019.html ]
8632|_[ + ] Exploit::
8633|_[ + ] Information Server:: , , IP:191.234.162.247:443
8634|_[ + ] More details:: / - / , ISP:
8635|_[ + ] Found:: UNIDENTIFIED
8636
8637 _[ - ]::--------------------------------------------------------------------------------------------------------------
8638|_[ + ] [ 40 / 100 ]-[07:06:52] [ - ]
8639|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_02.html ]
8640|_[ + ] Exploit::
8641|_[ + ] Information Server:: , , IP:191.234.162.247:443
8642|_[ + ] More details:: / - / , ISP:
8643|_[ + ] Found:: UNIDENTIFIED
8644
8645 _[ - ]::--------------------------------------------------------------------------------------------------------------
8646|_[ + ] [ 41 / 100 ]-[07:06:55] [ - ]
8647|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_03.html ]
8648|_[ + ] Exploit::
8649|_[ + ] Information Server:: , , IP:191.234.162.247:443
8650|_[ + ] More details:: / - / , ISP:
8651|_[ + ] Found:: UNIDENTIFIED
8652
8653 _[ - ]::--------------------------------------------------------------------------------------------------------------
8654|_[ + ] [ 42 / 100 ]-[07:06:58] [ - ]
8655|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_01.html ]
8656|_[ + ] Exploit::
8657|_[ + ] Information Server:: , , IP:191.234.162.247:443
8658|_[ + ] More details:: / - / , ISP:
8659|_[ + ] Found:: UNIDENTIFIED
8660
8661 _[ - ]::--------------------------------------------------------------------------------------------------------------
8662|_[ + ] [ 43 / 100 ]-[07:07:00] [ - ]
8663|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_16.html ]
8664|_[ + ] Exploit::
8665|_[ + ] Information Server:: , , IP:191.234.162.247:443
8666|_[ + ] More details:: / - / , ISP:
8667|_[ + ] Found:: UNIDENTIFIED
8668
8669 _[ - ]::--------------------------------------------------------------------------------------------------------------
8670|_[ + ] [ 44 / 100 ]-[07:07:03] [ - ]
8671|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_01.html ]
8672|_[ + ] Exploit::
8673|_[ + ] Information Server:: , , IP:191.234.162.247:443
8674|_[ + ] More details:: / - / , ISP:
8675|_[ + ] Found:: UNIDENTIFIED
8676
8677 _[ - ]::--------------------------------------------------------------------------------------------------------------
8678|_[ + ] [ 45 / 100 ]-[07:07:06] [ - ]
8679|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/deporte.html ]
8680|_[ + ] Exploit::
8681|_[ + ] Information Server:: , , IP:191.234.162.247:443
8682|_[ + ] More details:: / - / , ISP:
8683|_[ + ] Found:: UNIDENTIFIED
8684
8685 _[ - ]::--------------------------------------------------------------------------------------------------------------
8686|_[ + ] [ 46 / 100 ]-[07:07:09] [ - ]
8687|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_11_07.html ]
8688|_[ + ] Exploit::
8689|_[ + ] Information Server:: , , IP:191.234.162.247:443
8690|_[ + ] More details:: / - / , ISP:
8691|_[ + ] Found:: UNIDENTIFIED
8692
8693 _[ - ]::--------------------------------------------------------------------------------------------------------------
8694|_[ + ] [ 47 / 100 ]-[07:07:11] [ - ]
8695|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_10_05.html ]
8696|_[ + ] Exploit::
8697|_[ + ] Information Server:: , , IP:191.234.162.247:443
8698|_[ + ] More details:: / - / , ISP:
8699|_[ + ] Found:: UNIDENTIFIED
8700
8701 _[ - ]::--------------------------------------------------------------------------------------------------------------
8702|_[ + ] [ 48 / 100 ]-[07:07:14] [ - ]
8703|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/bandas.html ]
8704|_[ + ] Exploit::
8705|_[ + ] Information Server:: , , IP:191.234.162.247:443
8706|_[ + ] More details:: / - / , ISP:
8707|_[ + ] Found:: UNIDENTIFIED
8708
8709 _[ - ]::--------------------------------------------------------------------------------------------------------------
8710|_[ + ] [ 49 / 100 ]-[07:07:17] [ - ]
8711|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_08.html ]
8712|_[ + ] Exploit::
8713|_[ + ] Information Server:: , , IP:191.234.162.247:443
8714|_[ + ] More details:: / - / , ISP:
8715|_[ + ] Found:: UNIDENTIFIED
8716
8717 _[ - ]::--------------------------------------------------------------------------------------------------------------
8718|_[ + ] [ 50 / 100 ]-[07:07:19] [ - ]
8719|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_29.html ]
8720|_[ + ] Exploit::
8721|_[ + ] Information Server:: , , IP:191.234.162.247:443
8722|_[ + ] More details:: / - / , ISP:
8723|_[ + ] Found:: UNIDENTIFIED
8724
8725 _[ - ]::--------------------------------------------------------------------------------------------------------------
8726|_[ + ] [ 51 / 100 ]-[07:07:22] [ - ]
8727|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_12.html ]
8728|_[ + ] Exploit::
8729|_[ + ] Information Server:: , , IP:191.234.162.247:443
8730|_[ + ] More details:: / - / , ISP:
8731|_[ + ] Found:: UNIDENTIFIED
8732
8733 _[ - ]::--------------------------------------------------------------------------------------------------------------
8734|_[ + ] [ 52 / 100 ]-[07:07:25] [ - ]
8735|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/dragoneante.html ]
8736|_[ + ] Exploit::
8737|_[ + ] Information Server:: , , IP:191.234.162.247:443
8738|_[ + ] More details:: / - / , ISP:
8739|_[ + ] Found:: UNIDENTIFIED
8740
8741 _[ - ]::--------------------------------------------------------------------------------------------------------------
8742|_[ + ] [ 53 / 100 ]-[07:07:27] [ - ]
8743|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_01.html ]
8744|_[ + ] Exploit::
8745|_[ + ] Information Server:: , , IP:191.234.162.247:443
8746|_[ + ] More details:: / - / , ISP:
8747|_[ + ] Found:: UNIDENTIFIED
8748
8749 _[ - ]::--------------------------------------------------------------------------------------------------------------
8750|_[ + ] [ 54 / 100 ]-[07:07:30] [ - ]
8751|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/saludo.html ]
8752|_[ + ] Exploit::
8753|_[ + ] Information Server:: , , IP:191.234.162.247:443
8754|_[ + ] More details:: / - / , ISP:
8755|_[ + ] Found:: UNIDENTIFIED
8756
8757 _[ - ]::--------------------------------------------------------------------------------------------------------------
8758|_[ + ] [ 55 / 100 ]-[07:07:33] [ - ]
8759|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_01_18_2019.html ]
8760|_[ + ] Exploit::
8761|_[ + ] Information Server:: , , IP:191.234.162.247:443
8762|_[ + ] More details:: / - / , ISP:
8763|_[ + ] Found:: UNIDENTIFIED
8764
8765 _[ - ]::--------------------------------------------------------------------------------------------------------------
8766|_[ + ] [ 56 / 100 ]-[07:07:36] [ - ]
8767|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticias_dia_som.html ]
8768|_[ + ] Exploit::
8769|_[ + ] Information Server:: , , IP:191.234.162.247:443
8770|_[ + ] More details:: / - / , ISP:
8771|_[ + ] Found:: UNIDENTIFIED
8772
8773 _[ - ]::--------------------------------------------------------------------------------------------------------------
8774|_[ + ] [ 57 / 100 ]-[07:07:38] [ - ]
8775|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_07_30.html ]
8776|_[ + ] Exploit::
8777|_[ + ] Information Server:: , , IP:191.234.162.247:443
8778|_[ + ] More details:: / - / , ISP:
8779|_[ + ] Found:: UNIDENTIFIED
8780
8781 _[ - ]::--------------------------------------------------------------------------------------------------------------
8782|_[ + ] [ 58 / 100 ]-[07:07:41] [ - ]
8783|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_12.html ]
8784|_[ + ] Exploit::
8785|_[ + ] Information Server:: , , IP:191.234.162.247:443
8786|_[ + ] More details:: / - / , ISP:
8787|_[ + ] Found:: UNIDENTIFIED
8788
8789 _[ - ]::--------------------------------------------------------------------------------------------------------------
8790|_[ + ] [ 59 / 100 ]-[07:07:44] [ - ]
8791|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_08_07.html ]
8792|_[ + ] Exploit::
8793|_[ + ] Information Server:: , , IP:191.234.162.247:443
8794|_[ + ] More details:: / - / , ISP:
8795|_[ + ] Found:: UNIDENTIFIED
8796
8797 _[ - ]::--------------------------------------------------------------------------------------------------------------
8798|_[ + ] [ 60 / 100 ]-[07:07:46] [ - ]
8799|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_04_12.html ]
8800|_[ + ] Exploit::
8801|_[ + ] Information Server:: , , IP:191.234.162.247:443
8802|_[ + ] More details:: / - / , ISP:
8803|_[ + ] Found:: UNIDENTIFIED
8804
8805 _[ - ]::--------------------------------------------------------------------------------------------------------------
8806|_[ + ] [ 61 / 100 ]-[07:07:49] [ - ]
8807|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_12_01.html ]
8808|_[ + ] Exploit::
8809|_[ + ] Information Server:: , , IP:191.234.162.247:443
8810|_[ + ] More details:: / - / , ISP:
8811|_[ + ] Found:: UNIDENTIFIED
8812
8813 _[ - ]::--------------------------------------------------------------------------------------------------------------
8814|_[ + ] [ 62 / 100 ]-[07:07:52] [ - ]
8815|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_finaliza_inscripcion.html ]
8816|_[ + ] Exploit::
8817|_[ + ] Information Server:: , , IP:191.234.162.247:443
8818|_[ + ] More details:: / - / , ISP:
8819|_[ + ] Found:: UNIDENTIFIED
8820
8821 _[ - ]::--------------------------------------------------------------------------------------------------------------
8822|_[ + ] [ 63 / 100 ]-[07:07:54] [ - ]
8823|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_17.html ]
8824|_[ + ] Exploit::
8825|_[ + ] Information Server:: , , IP:191.234.162.247:443
8826|_[ + ] More details:: / - / , ISP:
8827|_[ + ] Found:: UNIDENTIFIED
8828
8829 _[ - ]::--------------------------------------------------------------------------------------------------------------
8830|_[ + ] [ 64 / 100 ]-[07:07:57] [ - ]
8831|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_09_03.html ]
8832|_[ + ] Exploit::
8833|_[ + ] Information Server:: , , IP:191.234.162.247:443
8834|_[ + ] More details:: / - / , ISP:
8835|_[ + ] Found:: UNIDENTIFIED
8836
8837 _[ - ]::--------------------------------------------------------------------------------------------------------------
8838|_[ + ] [ 65 / 100 ]-[07:08:00] [ - ]
8839|_[ + ] Target:: [ http://www.escueladesuboficiales.cl/pdf/TECNICOS/ ]
8840|_[ + ] Exploit::
8841|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Apache , IP:191.234.162.247:80
8842|_[ + ] More details:: / - / , ISP:
8843|_[ + ] Found:: UNIDENTIFIED
8844
8845 _[ - ]::--------------------------------------------------------------------------------------------------------------
8846|_[ + ] [ 66 / 100 ]-[07:08:03] [ - ]
8847|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/admision.html ]
8848|_[ + ] Exploit::
8849|_[ + ] Information Server:: , , IP:191.234.162.247:443
8850|_[ + ] More details:: / - / , ISP:
8851|_[ + ] Found:: UNIDENTIFIED
8852
8853 _[ - ]::--------------------------------------------------------------------------------------------------------------
8854|_[ + ] [ 67 / 100 ]-[07:08:06] [ - ]
8855|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/vision_mision.html ]
8856|_[ + ] Exploit::
8857|_[ + ] Information Server:: , , IP:191.234.162.247:443
8858|_[ + ] More details:: / - / , ISP:
8859|_[ + ] Found:: UNIDENTIFIED
8860
8861 _[ - ]::--------------------------------------------------------------------------------------------------------------
8862|_[ + ] [ 68 / 100 ]-[07:08:08] [ - ]
8863|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/contacto.html ]
8864|_[ + ] Exploit::
8865|_[ + ] Information Server:: , , IP:191.234.162.247:443
8866|_[ + ] More details:: / - / , ISP:
8867|_[ + ] Found:: UNIDENTIFIED
8868
8869 _[ - ]::--------------------------------------------------------------------------------------------------------------
8870|_[ + ] [ 69 / 100 ]-[07:08:11] [ - ]
8871|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/resultados.html ]
8872|_[ + ] Exploit::
8873|_[ + ] Information Server:: , , IP:191.234.162.247:443
8874|_[ + ] More details:: / - / , ISP:
8875|_[ + ] Found:: UNIDENTIFIED
8876
8877 _[ - ]::--------------------------------------------------------------------------------------------------------------
8878|_[ + ] [ 70 / 100 ]-[07:08:14] [ - ]
8879|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/mision_vision.html ]
8880|_[ + ] Exploit::
8881|_[ + ] Information Server:: , , IP:191.234.162.247:443
8882|_[ + ] More details:: / - / , ISP:
8883|_[ + ] Found:: UNIDENTIFIED
8884
8885 _[ - ]::--------------------------------------------------------------------------------------------------------------
8886|_[ + ] [ 71 / 100 ]-[07:08:17] [ - ]
8887|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/soltrop_damas_varones_med2.pdf ]
8888|_[ + ] Exploit::
8889|_[ + ] Information Server:: , , IP:191.234.162.247:443
8890|_[ + ] More details:: / - / , ISP:
8891|_[ + ] Found:: UNIDENTIFIED
8892
8893 _[ - ]::--------------------------------------------------------------------------------------------------------------
8894|_[ + ] [ 72 / 100 ]-[07:08:20] [ - ]
8895|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_tecnicos_2019.pdf ]
8896|_[ + ] Exploit::
8897|_[ + ] Information Server:: , , IP:191.234.162.247:443
8898|_[ + ] More details:: / - / , ISP:
8899|_[ + ] Found:: UNIDENTIFIED
8900
8901 _[ - ]::--------------------------------------------------------------------------------------------------------------
8902|_[ + ] [ 73 / 100 ]-[07:08:22] [ - ]
8903|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_sltp_2019.pdf ]
8904|_[ + ] Exploit::
8905|_[ + ] Information Server:: , , IP:191.234.162.247:443
8906|_[ + ] More details:: / - / , ISP:
8907|_[ + ] Found:: UNIDENTIFIED
8908
8909 _[ - ]::--------------------------------------------------------------------------------------------------------------
8910|_[ + ] [ 74 / 100 ]-[07:08:25] [ - ]
8911|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/el_dragoneante.html ]
8912|_[ + ] Exploit::
8913|_[ + ] Information Server:: , , IP:191.234.162.247:443
8914|_[ + ] More details:: / - / , ISP:
8915|_[ + ] Found:: UNIDENTIFIED
8916
8917 _[ - ]::--------------------------------------------------------------------------------------------------------------
8918|_[ + ] [ 75 / 100 ]-[07:08:28] [ - ]
8919|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario_2019_provincia_legal.pdf ]
8920|_[ + ] Exploit::
8921|_[ + ] Information Server:: , , IP:191.234.162.247:443
8922|_[ + ] More details:: / - / , ISP:
8923|_[ + ] Found:: UNIDENTIFIED
8924
8925 _[ - ]::--------------------------------------------------------------------------------------------------------------
8926|_[ + ] [ 76 / 100 ]-[07:08:31] [ - ]
8927|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_regular_2019.pdf ]
8928|_[ + ] Exploit::
8929|_[ + ] Information Server:: , , IP:191.234.162.247:443
8930|_[ + ] More details:: / - / , ISP:
8931|_[ + ] Found:: UNIDENTIFIED
8932
8933 _[ - ]::--------------------------------------------------------------------------------------------------------------
8934|_[ + ] [ 77 / 100 ]-[07:08:34] [ - ]
8935|_[ + ] Target:: [ http://www.escueladesuboficiales.cl/assets/hoja_respuestas_2017.pdf ]
8936|_[ + ] Exploit::
8937|_[ + ] Information Server:: HTTP/1.1 301 Moved Permanently, Server: Apache , IP:191.234.162.247:80
8938|_[ + ] More details:: / - / , ISP:
8939|_[ + ] Found:: UNIDENTIFIED
8940
8941 _[ - ]::--------------------------------------------------------------------------------------------------------------
8942|_[ + ] [ 78 / 100 ]-[07:08:36] [ - ]
8943|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/regular2.pdf ]
8944|_[ + ] Exploit::
8945|_[ + ] Information Server:: , , IP:191.234.162.247:443
8946|_[ + ] More details:: / - / , ISP:
8947|_[ + ] Found:: UNIDENTIFIED
8948
8949 _[ - ]::--------------------------------------------------------------------------------------------------------------
8950|_[ + ] [ 79 / 100 ]-[07:08:39] [ - ]
8951|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/nuestra_escuela.html ]
8952|_[ + ] Exploit::
8953|_[ + ] Information Server:: , , IP:191.234.162.247:443
8954|_[ + ] More details:: / - / , ISP:
8955|_[ + ] Found:: UNIDENTIFIED
8956
8957 _[ - ]::--------------------------------------------------------------------------------------------------------------
8958|_[ + ] [ 80 / 100 ]-[07:08:42] [ - ]
8959|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/tecnicos_damas_varones_med2.pdf ]
8960|_[ + ] Exploit::
8961|_[ + ] Information Server:: , , IP:191.234.162.247:443
8962|_[ + ] More details:: / - / , ISP:
8963|_[ + ] Found:: UNIDENTIFIED
8964
8965 _[ - ]::--------------------------------------------------------------------------------------------------------------
8966|_[ + ] [ 81 / 100 ]-[07:08:44] [ - ]
8967|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/aptos_psicologicos_cprasa_2019.pdf ]
8968|_[ + ] Exploit::
8969|_[ + ] Information Server:: , , IP:191.234.162.247:443
8970|_[ + ] More details:: / - / , ISP:
8971|_[ + ] Found:: UNIDENTIFIED
8972
8973 _[ - ]::--------------------------------------------------------------------------------------------------------------
8974|_[ + ] [ 82 / 100 ]-[07:08:47] [ - ]
8975|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/mayordomo.html ]
8976|_[ + ] Exploit::
8977|_[ + ] Information Server:: , , IP:191.234.162.247:443
8978|_[ + ] More details:: / - / , ISP:
8979|_[ + ] Found:: UNIDENTIFIED
8980
8981 _[ - ]::--------------------------------------------------------------------------------------------------------------
8982|_[ + ] [ 83 / 100 ]-[07:08:50] [ - ]
8983|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario_2019_santiago_legal.pdf ]
8984|_[ + ] Exploit::
8985|_[ + ] Information Server:: , , IP:191.234.162.247:443
8986|_[ + ] More details:: / - / , ISP:
8987|_[ + ] Found:: UNIDENTIFIED
8988
8989 _[ - ]::--------------------------------------------------------------------------------------------------------------
8990|_[ + ] [ 84 / 100 ]-[07:08:53] [ - ]
8991|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_regular2.pdf ]
8992|_[ + ] Exploit::
8993|_[ + ] Information Server:: , , IP:191.234.162.247:443
8994|_[ + ] More details:: / - / , ISP:
8995|_[ + ] Found:: UNIDENTIFIED
8996
8997 _[ - ]::--------------------------------------------------------------------------------------------------------------
8998|_[ + ] [ 85 / 100 ]-[07:08:55] [ - ]
8999|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_cprasa.pdf ]
9000|_[ + ] Exploit::
9001|_[ + ] Information Server:: , , IP:191.234.162.247:443
9002|_[ + ] More details:: / - / , ISP:
9003|_[ + ] Found:: UNIDENTIFIED
9004
9005 _[ - ]::--------------------------------------------------------------------------------------------------------------
9006|_[ + ] [ 86 / 100 ]-[07:08:58] [ - ]
9007|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_tec.pdf ]
9008|_[ + ] Exploit::
9009|_[ + ] Information Server:: , , IP:191.234.162.247:443
9010|_[ + ] More details:: / - / , ISP:
9011|_[ + ] Found:: UNIDENTIFIED
9012
9013 _[ - ]::--------------------------------------------------------------------------------------------------------------
9014|_[ + ] [ 87 / 100 ]-[07:09:00] [ - ]
9015|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/malla_soltrop.pdf ]
9016|_[ + ] Exploit::
9017|_[ + ] Information Server:: , , IP:191.234.162.247:443
9018|_[ + ] More details:: / - / , ISP:
9019|_[ + ] Found:: UNIDENTIFIED
9020
9021 _[ - ]::--------------------------------------------------------------------------------------------------------------
9022|_[ + ] [ 88 / 100 ]-[07:09:03] [ - ]
9023|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/biblioteca/patronimico.html ]
9024|_[ + ] Exploit::
9025|_[ + ] Information Server:: , , IP:191.234.162.247:443
9026|_[ + ] More details:: / - / , ISP:
9027|_[ + ] Found:: UNIDENTIFIED
9028
9029 _[ - ]::--------------------------------------------------------------------------------------------------------------
9030|_[ + ] [ 89 / 100 ]-[07:09:06] [ - ]
9031|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/cprasa_varones_y_damas2.pdf ]
9032|_[ + ] Exploit::
9033|_[ + ] Information Server:: , , IP:191.234.162.247:443
9034|_[ + ] More details:: / - / , ISP:
9035|_[ + ] Found:: UNIDENTIFIED
9036
9037 _[ - ]::--------------------------------------------------------------------------------------------------------------
9038|_[ + ] [ 90 / 100 ]-[07:09:09] [ - ]
9039|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/biblioteca/index.html ]
9040|_[ + ] Exploit::
9041|_[ + ] Information Server:: , , IP:191.234.162.247:443
9042|_[ + ] More details:: / - / , ISP:
9043|_[ + ] Found:: UNIDENTIFIED
9044
9045 _[ - ]::--------------------------------------------------------------------------------------------------------------
9046|_[ + ] [ 91 / 100 ]-[07:09:11] [ - ]
9047|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/fechas.html ]
9048|_[ + ] Exploit::
9049|_[ + ] Information Server:: , , IP:191.234.162.247:443
9050|_[ + ] More details:: / - / , ISP:
9051|_[ + ] Found:: UNIDENTIFIED
9052
9053 _[ - ]::--------------------------------------------------------------------------------------------------------------
9054|_[ + ] [ 92 / 100 ]-[07:09:14] [ - ]
9055|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario-regiones.pdf ]
9056|_[ + ] Exploit::
9057|_[ + ] Information Server:: , , IP:191.234.162.247:443
9058|_[ + ] More details:: / - / , ISP:
9059|_[ + ] Found:: UNIDENTIFIED
9060
9061 _[ - ]::--------------------------------------------------------------------------------------------------------------
9062|_[ + ] [ 93 / 100 ]-[07:09:17] [ - ]
9063|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/phone/index.html ]
9064|_[ + ] Exploit::
9065|_[ + ] Information Server:: , , IP:191.234.162.247:443
9066|_[ + ] More details:: / - / , ISP:
9067|_[ + ] Found:: UNIDENTIFIED
9068
9069 _[ - ]::--------------------------------------------------------------------------------------------------------------
9070|_[ + ] [ 94 / 100 ]-[07:09:19] [ - ]
9071|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_05_05,-copias.html ]
9072|_[ + ] Exploit::
9073|_[ + ] Information Server:: , , IP:191.234.162.247:443
9074|_[ + ] More details:: / - / , ISP:
9075|_[ + ] Found:: UNIDENTIFIED
9076
9077 _[ - ]::--------------------------------------------------------------------------------------------------------------
9078|_[ + ] [ 95 / 100 ]-[07:09:22] [ - ]
9079|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_06_29,-copias.html ]
9080|_[ + ] Exploit::
9081|_[ + ] Information Server:: , , IP:191.234.162.247:443
9082|_[ + ] More details:: / - / , ISP:
9083|_[ + ] Found:: UNIDENTIFIED
9084
9085 _[ - ]::--------------------------------------------------------------------------------------------------------------
9086|_[ + ] [ 96 / 100 ]-[07:09:25] [ - ]
9087|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_03_10,-copias.html ]
9088|_[ + ] Exploit::
9089|_[ + ] Information Server:: , , IP:191.234.162.247:443
9090|_[ + ] More details:: / - / , ISP:
9091|_[ + ] Found:: UNIDENTIFIED
9092
9093 _[ - ]::--------------------------------------------------------------------------------------------------------------
9094|_[ + ] [ 97 / 100 ]-[07:09:27] [ - ]
9095|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noti_02_28_2019,-copias.html ]
9096|_[ + ] Exploit::
9097|_[ + ] Information Server:: , , IP:191.234.162.247:443
9098|_[ + ] More details:: / - / , ISP:
9099|_[ + ] Found:: UNIDENTIFIED
9100
9101 _[ - ]::--------------------------------------------------------------------------------------------------------------
9102|_[ + ] [ 98 / 100 ]-[07:09:30] [ - ]
9103|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/noticia_finaliza_inscripcion---copia.html ]
9104|_[ + ] Exploit::
9105|_[ + ] Information Server:: , , IP:191.234.162.247:443
9106|_[ + ] More details:: / - / , ISP:
9107|_[ + ] Found:: UNIDENTIFIED
9108
9109 _[ - ]::--------------------------------------------------------------------------------------------------------------
9110|_[ + ] [ 99 / 100 ]-[07:09:33] [ - ]
9111|_[ + ] Target:: [ https://www.escueladesuboficiales.cl/assets/calendario-santiago-legal.pdf ]
9112|_[ + ] Exploit::
9113|_[ + ] Information Server:: , , IP:191.234.162.247:443
9114|_[ + ] More details:: / - / , ISP:
9115|_[ + ] Found:: UNIDENTIFIED
9116
9117[ INFO ] [ Shutting down ]
9118[ INFO ] [ End of process INURLBR at [20-12-2019 07:09:33]
9119[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
9120[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.escueladesuboficiales.cl/output/inurlbr-www.escueladesuboficiales.cl ]
9121|_________________________________________________________________________________________
9122
9123\_________________________________________________________________________________________/
9124#######################################################################################################################################
9125--------------------------------------------------------
9126<<<Yasuo discovered following vulnerable applications>>>
9127--------------------------------------------------------
9128+------------+-----------------------------------------+--------------------------------------------------+----------+----------+
9129| App Name | URL to Application | Potential Exploit | Username | Password |
9130+------------+-----------------------------------------+--------------------------------------------------+----------+----------+
9131| phpMyAdmin | https://191.234.162.247:443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | | |
9132+------------+-----------------------------------------+--------------------------------------------------+----------+----------+
9133#######################################################################################################################################
9134#######################################################################################################################################
9135 Anonymous JTSEC #OpChili Full Recon #20