· 5 years ago · Feb 07, 2020, 01:49 PM
###################################################################################################################################
===================================================================================================================================
Hostname     www.islam-iea.com     ISP            LLC Server v arendy
Continent    Europe                Flag           RU
Country      Russian Federation    Country Code   RU
Region       Unknown               Local time     07 Feb 2020 14:25 MSK
City         Unknown               Postal Code    Unknown
IP Address   141.105.65.111        Latitude       55.739
                                   Longitude      37.607
===================================================================================================================================
###################################################################################################################################
> www.islam-iea.com
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: www.islam-iea.com
Address: 141.105.65.111
>
###################################################################################################################################
   Domain Name: ISLAM-IEA.COM
   Registry Domain ID: 1668656588_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.namecheap.com
   Registrar URL: http://www.namecheap.com
   Updated Date: 2019-07-04T10:20:57Z
   Creation Date: 2011-07-25T03:10:23Z
   Registry Expiry Date: 2020-07-25T03:10:23Z
   Registrar: NameCheap, Inc.
   Registrar IANA ID: 1068
   Registrar Abuse Contact Email: abuse@namecheap.com
   Registrar Abuse Contact Phone: +1.6613102107
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.AFRAID.ORG
   Name Server: NS2.AFRAID.ORG
   DNSSEC: unsigned
###################################################################################################################################
Domain name: islam-iea.com
Registry Domain ID: 1668656588_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2019-07-04T10:20:57.50Z
Creation Date: 2011-07-25T03:10:23.00Z
Registrar Registration Expiration Date: 2020-07-25T03:10:23.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 505a8dba090f4a98a0add83d457db804.protect@whoisguard.com
Registry Admin ID:
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 505a8dba090f4a98a0add83d457db804.protect@whoisguard.com
Registry Tech ID:
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 505a8dba090f4a98a0add83d457db804.protect@whoisguard.com
Name Server: ns1.afraid.org
Name Server: ns2.afraid.org
DNSSEC: unsigned
###################################################################################################################################
[+] Target : www.islam-iea.com

[+] IP Address : 141.105.65.111

[+] Headers :

[+] Date : Fri, 07 Feb 2020 11:43:19 GMT
[+] Server : Apache
[+] Link : <http://alemarahislam.com/wp-json/>; rel="https://api.w.org/"
[+] Keep-Alive : timeout=5, max=100
[+] Connection : Keep-Alive
[+] Transfer-Encoding : chunked
[+] Content-Type : text/html; charset=UTF-8

[+] SSL Certificate Information :

[+] commonName : alemaraharabi.com
[+] countryName : US
[+] stateOrProvinceName : TX
[+] localityName : Houston
[+] organizationName : cPanel, Inc.
[+] commonName : cPanel, Inc. Certification Authority
[+] Version : 3
[+] Serial Number : 36E68C35FE06DFEE12EFB198FED4ECF8
[+] Not Before : Mar 21 00:00:00 2019 GMT
[+] Not After : Jun 19 23:59:59 2019 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', 'alemaraharabi.com'), ('DNS', 'mail.alemaraharabi.com'), ('DNS', 'www.alemaraharabi.com'))
[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 49335
[+] ASN CIDR : 141.105.65.0/24
[+] ASN Country Code : RU
[+] ASN Date : 2011-06-27
[+] ASN Description : NCONNECT-AS, RU
[+] cidr : 141.105.65.0/24
[+] name : HOSTKEY-RU
[+] handle : AS36383-RIPE
[+] range : 141.105.65.0 - 141.105.65.255
[+] description : None
[+] country : RU
[+] state : None
[+] city : None
[+] address : Barabannyi line , 4/4
107023
Moscow
RUSSIAN FEDERATION
[+] postal_code : None
[+] emails : None
[+] created : 2019-06-26T14:09:47Z
[+] updated : 2019-06-26T14:09:47Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 2 ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 3 ]
[+] Extracting Javascript Links...[ 5 ]
[+] Extracting Internal Links.....[ 0 ]
[+] Extracting External Links.....[ 146 ]
[+] Extracting Images.............[ 81 ]

[+] Total Links Extracted : 237

[+] Dumping Links in /opt/FinalRecon/dumps/www.islam-iea.com.dump
[+] Completed!
###################################################################################################################################
[i] Scanning Site: http://www.islam-iea.com


B A S I C I N F O
====================

[+] Site Title: اسلام ویب پاڼه – دافغانستان اسلامي امارت
[+] IP address: 141.105.65.111
[+] Web Server: Apache
[+] CMS: WordPress
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

-----------[end of contents]-------------


W H O I S L O O K U P
========================

   Domain Name: ISLAM-IEA.COM
   Registry Domain ID: 1668656588_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.namecheap.com
   Registrar URL: http://www.namecheap.com
   Updated Date: 2019-07-04T10:20:57Z
   Creation Date: 2011-07-25T03:10:23Z
   Registry Expiry Date: 2020-07-25T03:10:23Z
   Registrar: NameCheap, Inc.
   Registrar IANA ID: 1068
   Registrar Abuse Contact Email: abuse@namecheap.com
   Registrar Abuse Contact Phone: +1.6613102107
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.AFRAID.ORG
   Name Server: NS2.AFRAID.ORG
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-02-07T11:43:27Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


G E O I P L O O K U P
=========================

[i] IP Address: 141.105.65.111
[i] Country: Russia
[i] State:
[i] City:
[i] Latitude: 55.7386
[i] Longitude: 37.6068


H T T P H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Date: Fri, 07 Feb 2020 11:43:46 GMT
[i] Server: Apache
[i] Link: <http://alemarahislam.com/wp-json/>; rel="https://api.w.org/"
[i] Connection: close
[i] Content-Type: text/html; charset=UTF-8


D N S L O O K U P
===================

islam-iea.com. 3599 IN A 141.105.65.111
islam-iea.com. 3599 IN SOA ns1.afraid.org. dnsadmin.afraid.org. 1906160001 86400 7200 2419200 3600
islam-iea.com. 3599 IN NS ns1.afraid.org.
islam-iea.com. 3599 IN NS ns4.afraid.org.
islam-iea.com. 3599 IN NS ns2.afraid.org.
islam-iea.com. 3599 IN NS ns3.afraid.org.


S U B N E T C A L C U L A T I O N
====================================

Address = 141.105.65.111
Network = 141.105.65.111 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 141.105.65.111 - 141.105.65.111 }


N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-07 11:43 UTC
Nmap scan report for islam-iea.com (141.105.65.111)
Host is up (0.12s latency).

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   closed   ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
###################################################################################################################################
[+] Starting At 2020-02-07 06:44:39.263664
[+] Collecting Information On: http://www.islam-iea.com/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Fri, 07 Feb 2020 11:44:28 GMT
- Server: Apache
- Link: <http://alemarahislam.com/wp-json/>; rel="https://api.w.org/"
- Keep-Alive: timeout=5, max=100
- Connection: Keep-Alive
- Transfer-Encoding: chunked
- Content-Type: text/html; charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Russia
[#] countryCode: RU
[#] region: MOW
[#] regionName: Moscow
[#] city: Moscow
[#] zip: 144700
[#] lat: 55.7558
[#] lon: 37.6173
[#] timezone: Europe/Moscow
[#] isp: LLC "Server v arendy"
[#] org: Hostkey
[#] as: AS49335 LLC "Server v arendy"
[#] query: 141.105.65.111
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://www.islam-iea.com/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp open ftp
[#] 53/tcp open domain
[#] 80/tcp open http
[#] 110/tcp open pop3
[#] 143/tcp open imap
[#] 443/tcp open https
[#] 465/tcp open smtps
[#] 587/tcp open submission
[#] 993/tcp open imaps
[#] 995/tcp open pop3s
--------------------------------------------------
[+] Getting SSL Info
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[!] robots.txt File Found: http://www.islam-iea.com//robots.txt
[#] Detecting GNU Mailman
[!] GNU Mailman App Detected: http://www.islam-iea.com//mailman/admin
[!] version: 2.1.29
--------------------------------------------------
[+] Crawling Url Parameter On: http://www.islam-iea.com/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: http://alemarahislam.com/
[#] class: None
[#] id: searchform
[#] method: get
--------------------------------------------------
[!] Found 10 dom parameter
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[!] 1 External Dynamic Parameter Discovered
[#] http://alemarahislam.com/xmlrpc.php?rsd
--------------------------------------------------
[!] 1 Internal links Discovered
[+] http://islam-iea.com/
--------------------------------------------------
[!] 325 External links Discovered
524[#] http://alemarahislam.com/2020/01/10/%d8%af%d8%a7%d8%b0%d8%a7%d9%86-%d9%be%d9%87-%d8%a7%da%93%d9%87-%db%8c%d9%88%d9%87-%d9%be%d9%88%da%9a%d8%aa%d9%86%d9%87/
525[#] http://alemarahislam.com/2020/01/10/%d8%af%d8%a7%d8%b0%d8%a7%d9%86-%d9%be%d9%87-%d8%a7%da%93%d9%87-%db%8c%d9%88%d9%87-%d9%be%d9%88%da%9a%d8%aa%d9%86%d9%87/
526[#] http://alemarahislam.com/2020/01/03/%d8%a7%db%8c%d8%a7-%d8%af%d8%ad%da%a9%d9%88%d9%85%d8%aa-%d8%af%da%a9%d9%88%d9%85-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d9%be%d9%87-%db%8c%d9%88%d9%87-%d8%b4%d8%b9%d8%a8%d9%87-%da%a9%db%90-%da%a9%d8%a7/
527[#] http://alemarahislam.com/2020/01/03/%d8%a7%db%8c%d8%a7-%d8%af%d8%ad%da%a9%d9%88%d9%85%d8%aa-%d8%af%da%a9%d9%88%d9%85-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d9%be%d9%87-%db%8c%d9%88%d9%87-%d8%b4%d8%b9%d8%a8%d9%87-%da%a9%db%90-%da%a9%d8%a7/
528[#] http://alemarahislam.com/2019/12/28/%da%a9%d9%87-%db%8c%d9%88%da%85%d9%88%da%a9-%d9%84%d9%87-%db%8c%d8%b1%d8%ba%d9%84%da%ab%d8%b1%d9%88-%da%85%d8%ae%d9%87-%db%8c%d9%88%d8%b4%db%8c-%d9%88%d8%aa%da%9a%d8%aa%d9%88%d9%8a/
529[#] http://alemarahislam.com/2019/12/28/%da%a9%d9%87-%db%8c%d9%88%da%85%d9%88%da%a9-%d9%84%d9%87-%db%8c%d8%b1%d8%ba%d9%84%da%ab%d8%b1%d9%88-%da%85%d8%ae%d9%87-%db%8c%d9%88%d8%b4%db%8c-%d9%88%d8%aa%da%9a%d8%aa%d9%88%d9%8a/
530[#] http://alemarahislam.com/2020/01/14/%d8%af-%d8%b5%d8%ad%d9%8a%d8%ad-%d9%86%d9%8a%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
531[#] http://alemarahislam.com/2020/01/14/%d8%af-%d8%b5%d8%ad%d9%8a%d8%ad-%d9%86%d9%8a%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
532[#] http://alemarahislam.com/2019/12/28/%d8%af-%d8%aa%d8%b3%d9%85%d9%8a%db%90-%d8%a7%d8%ad%da%a9%d8%a7%d9%85-%db%b2-%d8%a8%d8%b1%d8%ae%d9%87/
533[#] http://alemarahislam.com/2019/12/28/%d8%af-%d8%aa%d8%b3%d9%85%d9%8a%db%90-%d8%a7%d8%ad%da%a9%d8%a7%d9%85-%db%b2-%d8%a8%d8%b1%d8%ae%d9%87/
534[#] http://alemarahislam.com/2019/12/25/%da%a9%d9%84%d9%87-%da%86%db%90-%d9%84%d9%85%d8%b1-%d8%aa%d9%86%d8%af%d8%b1-%d9%88%d9%86%db%8c%d8%b3%d9%8a/
535[#] http://alemarahislam.com/2019/12/25/%da%a9%d9%84%d9%87-%da%86%db%90-%d9%84%d9%85%d8%b1-%d8%aa%d9%86%d8%af%d8%b1-%d9%88%d9%86%db%8c%d8%b3%d9%8a/
536[#] http://alemarahislam.com/2019/12/21/%d8%a7%d8%b2%d9%85%d9%88%d9%8a%d9%86%db%90-%d8%a7%d9%88-%d9%be%d8%a7%d9%8a%d9%84%db%90/
537[#] http://alemarahislam.com/2019/12/21/%d8%a7%d8%b2%d9%85%d9%88%d9%8a%d9%86%db%90-%d8%a7%d9%88-%d9%be%d8%a7%d9%8a%d9%84%db%90/
538[#] http://alemarahislam.com/2019/12/20/%d8%af-%d8%aa%d8%b3%d9%85%d9%8a%db%90-%d8%a7%d8%ad%da%a9%d8%a7%d9%85-%db%b1-%d8%a8%d8%b1%d8%ae%d9%87/
539[#] http://alemarahislam.com/2019/12/20/%d8%af-%d8%aa%d8%b3%d9%85%d9%8a%db%90-%d8%a7%d8%ad%da%a9%d8%a7%d9%85-%db%b1-%d8%a8%d8%b1%d8%ae%d9%87/
540[#] http://alemarahislam.com/2019/12/13/%d8%a7%d9%88%d9%8a%d8%b3-%d9%82%d8%b1%d9%86%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%86%db%90-%d8%af-%d9%85%d9%88%d8%b1-%d8%ae%d8%af%d9%85%d8%aa-%da%a9%d9%88%d9%84%d9%88-%d9%88/
541[#] http://alemarahislam.com/2019/12/13/%d8%a7%d9%88%d9%8a%d8%b3-%d9%82%d8%b1%d9%86%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%86%db%90-%d8%af-%d9%85%d9%88%d8%b1-%d8%ae%d8%af%d9%85%d8%aa-%da%a9%d9%88%d9%84%d9%88-%d9%88/
542[#] http://alemarahislam.com/2019/12/01/%d8%af-%d8%a7%d9%86%d8%b3%d8%a7%d9%86-%d9%be%d9%87-%da%98%d9%88%d9%86%d8%af-%da%a9%d9%8a-%d8%af-%d9%88%d8%ae%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
543[#] http://alemarahislam.com/2019/12/01/%d8%af-%d8%a7%d9%86%d8%b3%d8%a7%d9%86-%d9%be%d9%87-%da%98%d9%88%d9%86%d8%af-%da%a9%d9%8a-%d8%af-%d9%88%d8%ae%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
544[#] http://alemarahislam.com/2019/11/23/%d8%af%d8%aa%d8%b9%d9%88%d8%b0-%d8%a7%d8%ad%da%a9%d8%a7%d9%85/
545[#] http://alemarahislam.com/2019/11/23/%d8%af%d8%aa%d8%b9%d9%88%d8%b0-%d8%a7%d8%ad%da%a9%d8%a7%d9%85/
546[#] http://alemarahislam.com/2019/11/10/%d8%af%d9%82%d9%84%d9%85-%d9%be%d9%87-%d8%a7%da%93%d9%87-%d9%84%d8%a7%d8%b1%da%9a%d9%88%d9%88%d9%86%d9%8a-%d8%a7%d9%88%d8%a7%d8%af%d8%a7%d8%a8/
547[#] http://alemarahislam.com/2019/11/10/%d8%af%d9%82%d9%84%d9%85-%d9%be%d9%87-%d8%a7%da%93%d9%87-%d9%84%d8%a7%d8%b1%da%9a%d9%88%d9%88%d9%86%d9%8a-%d8%a7%d9%88%d8%a7%d8%af%d8%a7%d8%a8/
548[#] http://alemarahislam.com/2019/10/04/%d8%af%d8%b5%d9%81%d8%b1%d9%8a-%d9%85%db%8c%d8%a7%d8%b4%d8%aa-%d8%a7%d9%88-%d8%b4%d8%b1%d8%b9%d9%8a-%d9%85%d8%b3%d8%a7%db%8c%d9%84-%db%8c%db%90/
549[#] http://alemarahislam.com/2019/10/04/%d8%af%d8%b5%d9%81%d8%b1%d9%8a-%d9%85%db%8c%d8%a7%d8%b4%d8%aa-%d8%a7%d9%88-%d8%b4%d8%b1%d8%b9%d9%8a-%d9%85%d8%b3%d8%a7%db%8c%d9%84-%db%8c%db%90/
550[#] http://alemarahislam.com/2017/01/01/%d8%af-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88-%d8%b3%d9%84%d9%85-%d9%be%d9%87-%d8%ba%d8%b2%d8%a7%da%ab%d8%a7/
551[#] http://alemarahislam.com/2017/01/01/%d8%af-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88-%d8%b3%d9%84%d9%85-%d9%be%d9%87-%d8%ba%d8%b2%d8%a7%da%ab%d8%a7/
552[#] http://alemarahislam.com/2016/10/15/%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88%d8%b3%d9%84%d9%85-%d9%be%d9%87-%d9%85%d8%af%db%8c%d9%86%d9%87-%da%a9%db%90/
553[#] http://alemarahislam.com/2016/01/23/%d8%b3%db%8c%d8%b1%d8%aa-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88%d8%b3%d9%84-20/
554[#] http://alemarahislam.com/2016/01/23/%d8%b3%db%8c%d8%b1%d8%aa-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88%d8%b3%d9%84-20/
555[#] http://alemarahislam.com/2016/01/23/%d8%b3%db%8c%d8%b1%d8%aa-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88%d8%b3%d9%84-19/
556[#] http://alemarahislam.com/2016/01/05/1419/
557[#] http://alemarahislam.com/2016/01/04/1414/
558[#] http://alemarahislam.com/2016/01/03/1412/
559[#] http://alemarahislam.com/2015/12/31/1405/
560[#] http://alemarahislam.com/2015/12/26/1387/
561[#] http://alemarahislam.com/2015/12/26/1385/
562[#] http://alemarahislam.com/2015/12/17/1379/
563[#] http://alemarahislam.com/2015/12/16/%d8%b3%db%8c%d8%b1%d8%aa-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d8%b1%d8%b3%d9%88%d9%84-%d8%a7%d9%84%d9%84%d9%87-%d8%b5%d9%84%db%8c-%d8%a7%d9%84%d9%84%d9%87-%d8%b9%d9%84%db%8c%d9%87-%d9%88%d8%b3%d9%84-18/
564[#] http://alemarahislam.com/category/%d8%b9%d9%84%d9%85%d9%8a-%d8%b4%d8%ae%d8%b5%db%8c%d8%a7%d8%aa/
565[#] http://alemarahislam.com/2019/05/16/%d8%af%d9%81%d9%82%d9%87-%d8%ad%d9%86%d9%81%d9%8a-%d8%af-%d8%b3%d8%aa%d8%b1-%d8%a7%d9%88-%d9%85%d8%ad%d9%82%d9%82-%d8%b9%d8%a7%d9%84%d9%85-%d8%a7%d8%a8%d9%86-%da%a9%d9%85%d8%a7%d9%84-%d8%a8/
566[#] http://alemarahislam.com/2019/05/16/%d8%af%d9%81%d9%82%d9%87-%d8%ad%d9%86%d9%81%d9%8a-%d8%af-%d8%b3%d8%aa%d8%b1-%d8%a7%d9%88-%d9%85%d8%ad%d9%82%d9%82-%d8%b9%d8%a7%d9%84%d9%85-%d8%a7%d8%a8%d9%86-%da%a9%d9%85%d8%a7%d9%84-%d8%a8/
567[#] http://alemarahislam.com/2019/05/01/%d8%af%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%db%8c-%d8%b4%d9%8a%d8%ae-%d8%a7%d9%84%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7/
568[#] http://alemarahislam.com/2019/05/01/%d8%af%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%db%8c-%d8%b4%d9%8a%d8%ae-%d8%a7%d9%84%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7/
569[#] http://alemarahislam.com/2019/03/18/%d8%af%d8%b3%d9%81%db%8c%d8%a7%d9%86-%d8%a7%d9%84%d8%ab%d9%88%d8%b1%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%d8%aa%d8%b9%d8%a7%d9%84%db%8c-%db%8c%d9%88%d9%87-%d9%be%d9%87-%d8%b2%da%93/
570[#] http://alemarahislam.com/2019/03/18/%d8%af%d8%b3%d9%81%db%8c%d8%a7%d9%86-%d8%a7%d9%84%d8%ab%d9%88%d8%b1%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%d8%aa%d8%b9%d8%a7%d9%84%db%8c-%db%8c%d9%88%d9%87-%d9%be%d9%87-%d8%b2%da%93/
571[#] http://alemarahislam.com/2019/01/23/%d8%a7%d9%85%d8%a7%d9%85-%d8%b9%d9%84%d9%82%d9%85%d9%87-%d8%a8%d9%86-%d9%82%db%8c%d8%b3-%d9%88%d9%81%d8%a7%d8%aa-%db%b6%db%b2%d9%87%d9%80/
572[#] http://alemarahislam.com/2019/01/23/%d8%a7%d9%85%d8%a7%d9%85-%d8%b9%d9%84%d9%82%d9%85%d9%87-%d8%a8%d9%86-%d9%82%db%8c%d8%b3-%d9%88%d9%81%d8%a7%d8%aa-%db%b6%db%b2%d9%87%d9%80/
573[#] http://alemarahislam.com/2018/12/28/%d8%af%d8%a7%d9%85%d8%a7%d9%85-%d9%85%d8%a7%d9%84%da%a9-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af-%d8%aa%d9%87-%da%81%d8%ba%d9%84%d9%86%d8%af%d9%87-%da%a9%d8%aa%d9%86/
574[#] http://alemarahislam.com/2018/12/28/%d8%af%d8%a7%d9%85%d8%a7%d9%85-%d9%85%d8%a7%d9%84%da%a9-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af-%d8%aa%d9%87-%da%81%d8%ba%d9%84%d9%86%d8%af%d9%87-%da%a9%d8%aa%d9%86/
575[#] http://alemarahislam.com/2018/05/28/%d8%af-%d8%b9%d9%84%d9%85-%d9%81%d9%82%d9%87%db%90-%d9%be%d9%87-%d8%aa%d8%a7%d8%b1%db%8c%d8%ae-%da%a9%db%90-%d8%af-%d9%87%d8%af%d8%a7%db%8c%d9%87-%d8%a7%d9%88-%d8%b5%d8%a7%d8%ad%d8%a8-%d8%a7%d9%84/
576[#] http://alemarahislam.com/2018/05/28/%d8%af-%d8%b9%d9%84%d9%85-%d9%81%d9%82%d9%87%db%90-%d9%be%d9%87-%d8%aa%d8%a7%d8%b1%db%8c%d8%ae-%da%a9%db%90-%d8%af-%d9%87%d8%af%d8%a7%db%8c%d9%87-%d8%a7%d9%88-%d8%b5%d8%a7%d8%ad%d8%a8-%d8%a7%d9%84/
577[#] http://alemarahislam.com/2017/11/09/%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%db%8c-%d8%a7%d9%85%d8%a7%d9%85-%d8%a7%d8%a8%d9%86-%d8%ad%d8%a8%d8%a7%d9%86/
578[#] http://alemarahislam.com/2017/11/09/%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%db%8c-%d8%a7%d9%85%d8%a7%d9%85-%d8%a7%d8%a8%d9%86-%d8%ad%d8%a8%d8%a7%d9%86/
579[#] http://alemarahislam.com/2017/10/05/%d8%af%d8%b3%d8%b9%db%8c%d8%af%d8%a8%d9%86-%d9%85%d8%b3%db%8c%d8%a8-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af%d8%aa%d9%87-%d9%84%d9%86%da%89%d9%87-%da%a9%d8%aa/
580[#] http://alemarahislam.com/2017/10/05/%d8%af%d8%b3%d8%b9%db%8c%d8%af%d8%a8%d9%86-%d9%85%d8%b3%db%8c%d8%a8-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af%d8%aa%d9%87-%d9%84%d9%86%da%89%d9%87-%da%a9%d8%aa/
581[#] http://alemarahislam.com/2017/07/08/%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%d9%8a-%d8%b9%d9%84%d8%a7%d9%85%d9%87-%d9%87%d8%b4%d8%a7%d9%85-%d8%a7%d8%a8/
582[#] http://alemarahislam.com/2017/07/08/%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85%d9%8a-%d9%86%da%93%db%8d-%da%81%d9%84%d8%a7%d9%86%d8%af%d9%87-%d8%b3%d8%aa%d9%88%d8%b1%d9%8a-%d8%b9%d9%84%d8%a7%d9%85%d9%87-%d9%87%d8%b4%d8%a7%d9%85-%d8%a7%d8%a8/
583[#] http://alemarahislam.com/2016/12/25/%d9%86%da%af%d8%a7%d9%87%db%8c-%d8%a8%d9%87-%d8%b2%d9%86%d8%af%da%af%d8%a7%d9%86%db%8c-%d9%85%d9%88%d9%84%d8%a7%d9%86%d8%a7-%d8%b1%d8%b4%db%8c%d8%af%d8%a7%d8%ad%d9%85%d8%af-%da%af%d9%86%da%af%d9%88/
584[#] http://alemarahislam.com/2016/12/25/%d9%86%da%af%d8%a7%d9%87%db%8c-%d8%a8%d9%87-%d8%b2%d9%86%d8%af%da%af%d8%a7%d9%86%db%8c-%d9%85%d9%88%d9%84%d8%a7%d9%86%d8%a7-%d8%b1%d8%b4%db%8c%d8%af%d8%a7%d8%ad%d9%85%d8%af-%da%af%d9%86%da%af%d9%88/
585[#] http://alemarahislam.com/2016/11/20/%d9%85%d9%84%d8%a7-%d8%b9%d9%84%d9%8a-%d9%82%d8%a7%d8%b1%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%85%d9%88%da%a9-%d8%a4/
586[#] http://alemarahislam.com/2016/11/20/%d9%85%d9%84%d8%a7-%d8%b9%d9%84%d9%8a-%d9%82%d8%a7%d8%b1%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%85%d9%88%da%a9-%d8%a4/
587[#] http://alemarahislam.com/2016/08/31/%d8%af%d8%a7%d9%85%d8%a7%d9%85-%d8%aa%d8%b1%d9%85%d8%b0%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af%d8%aa%d9%87-%d9%84%d9%86%da%89%d9%87-%da%a9%d8%aa%d9%86%d9%87/
588[#] http://alemarahislam.com/2016/08/31/%d8%af%d8%a7%d9%85%d8%a7%d9%85-%d8%aa%d8%b1%d9%85%d8%b0%d9%8a-%d8%b1%d8%ad%d9%85%d9%87-%d8%a7%d9%84%d9%84%d9%87-%da%98%d9%88%d9%86%d8%af%d8%aa%d9%87-%d9%84%d9%86%da%89%d9%87-%da%a9%d8%aa%d9%86%d9%87/
589[#] http://alemarahislam.com/category/%da%81%d8%a7%d9%86%da%ab%da%93%d9%8a-%d9%84%d9%8a%da%a9%d9%86%d9%8a/
590[#] http://alemarahislam.com/2019/08/09/%d8%af%d8%b9%d8%b1%d9%81%d9%8a-%db%8c%d9%88%d9%87-%da%81%d8%a7%d9%86%da%ab%da%93%d9%8a-%d9%88%d8%b1%da%81/
591[#] http://alemarahislam.com/2019/08/09/%d8%af%d8%b9%d8%b1%d9%81%d9%8a-%db%8c%d9%88%d9%87-%da%81%d8%a7%d9%86%da%ab%da%93%d9%8a-%d9%88%d8%b1%da%81/
592[#] http://alemarahislam.com/2019/08/09/%d8%af%d8%b9%d8%b1%d9%81%d9%8a-%db%8c%d9%88%d9%87-%da%81%d8%a7%d9%86%da%ab%da%93%d9%8a-%d9%88%d8%b1%da%81/
593[#] http://alemarahislam.com/2019/07/15/%d9%be%d9%87-%d9%85%d8%b9%d8%a7%d8%b5%d8%b1-%d9%85%d8%b9%d8%a7%d9%85%d9%84%d8%a7%d8%aa%d9%88%da%a9%db%90-%d9%85%d9%87%d9%85%db%90-%d8%a7%d8%af%d8%a7%d8%b1%db%90/
594[#] http://alemarahislam.com/2019/07/15/%d9%be%d9%87-%d9%85%d8%b9%d8%a7%d8%b5%d8%b1-%d9%85%d8%b9%d8%a7%d9%85%d9%84%d8%a7%d8%aa%d9%88%da%a9%db%90-%d9%85%d9%87%d9%85%db%90-%d8%a7%d8%af%d8%a7%d8%b1%db%90/
595[#] http://alemarahislam.com/2019/05/05/%d8%af%d8%b1%d8%a4%db%8c%d8%a9-%d8%a7%d9%84%d9%87%d9%84%d8%a7%d9%84-%d9%be%d9%87-%d9%85%d8%b3%d8%a6%d9%84%d9%87-%db%8c%d9%88%d8%b9%d9%84%d9%85%d9%8a-%d8%aa%d8%ad%d9%82%db%8c%d9%82/
596[#] http://alemarahislam.com/2019/05/05/%d8%af%d8%b1%d8%a4%db%8c%d8%a9-%d8%a7%d9%84%d9%87%d9%84%d8%a7%d9%84-%d9%be%d9%87-%d9%85%d8%b3%d8%a6%d9%84%d9%87-%db%8c%d9%88%d8%b9%d9%84%d9%85%d9%8a-%d8%aa%d8%ad%d9%82%db%8c%d9%82/
597[#] http://alemarahislam.com/2018/05/19/%d8%b4%d9%87%d8%b1%d8%a7%d9%84%d9%82%d8%b1%d8%a2%d9%86/
598[#] http://alemarahislam.com/2018/05/19/%d8%b4%d9%87%d8%b1%d8%a7%d9%84%d9%82%d8%b1%d8%a2%d9%86/
599[#] http://alemarahislam.com/2018/05/16/%d8%af%d9%85%d9%88%d8%b6%d9%88%d8%b9%d9%8a-%d8%a7%d8%ad%d8%a7%d8%af%db%8c%d8%ab%d9%88-%da%81%d9%8a%d9%86%d9%8a-%d8%b9%d9%84%d8%a7%d9%85%d8%a7%d8%aa/
600[#] http://alemarahislam.com/2018/05/16/%d8%af%d9%85%d9%88%d8%b6%d9%88%d8%b9%d9%8a-%d8%a7%d8%ad%d8%a7%d8%af%db%8c%d8%ab%d9%88-%da%81%d9%8a%d9%86%d9%8a-%d8%b9%d9%84%d8%a7%d9%85%d8%a7%d8%aa/
601[#] http://alemarahislam.com/category/%d8%ac%d9%80%d9%80%d9%80%d9%80%d9%80%d9%87%d8%a7%d8%af/
602[#] http://alemarahislam.com/2019/12/06/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%b4%d9%be%da%96%d9%85%d9%87-%d8%a8%d8%b1%d8%ae/
603[#] http://alemarahislam.com/2019/12/06/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%b4%d9%be%da%96%d9%85%d9%87-%d8%a8%d8%b1%d8%ae/
604[#] http://alemarahislam.com/2019/12/06/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%b4%d9%be%da%96%d9%85%d9%87-%d8%a8%d8%b1%d8%ae/
605[#] http://alemarahislam.com/2019/11/12/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d9%be%d9%86%da%81%d9%85%d9%87-%d8%a8%d8%b1%d8%ae/
606[#] http://alemarahislam.com/2019/11/12/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d9%be%d9%86%da%81%d9%85%d9%87-%d8%a8%d8%b1%d8%ae/
607[#] http://alemarahislam.com/2019/11/08/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%da%85%d9%84%d9%88%d8%b1%d9%85%d9%87-%d8%a8%d8%b1/
608[#] http://alemarahislam.com/2019/11/08/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%da%85%d9%84%d9%88%d8%b1%d9%85%d9%87-%d8%a8%d8%b1/
609[#] http://alemarahislam.com/2019/10/20/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%af%d8%b1%db%90%d9%8a%d9%85%d9%87-%d8%a8%d8%b1/
610[#] http://alemarahislam.com/2019/10/20/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%af%d8%b1%db%90%d9%8a%d9%85%d9%87-%d8%a8%d8%b1/
611[#] http://alemarahislam.com/2019/10/08/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%af%d9%88%d9%87%d9%85%d9%87-%d8%a8%d8%b1/
612[#] http://alemarahislam.com/2019/10/08/%d9%86%d9%81%d9%88%d8%b0%d9%8a-%d8%a8%d8%b1%d9%8a%d8%af%d9%88%d9%86%d9%87-%d8%af-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d9%84%d9%87-%d9%86%d8%b8%d8%b1%d9%87-%d8%af%d9%88%d9%87%d9%85%d9%87-%d8%a8%d8%b1/
613[#] http://alemarahislam.com/2020/02/07/%d8%af-%d8%aa%d9%86%d9%88%db%8c%d9%85-%db%8c%d8%a7-hypnosis-%d9%be%d9%87-%d9%85%d9%bc-%d8%b9%d9%84%d8%a7%d8%ac/
614[#] http://alemarahislam.com/2020/02/07/%d8%af-%d8%aa%d9%86%d9%88%db%8c%d9%85-%db%8c%d8%a7-hypnosis-%d9%be%d9%87-%d9%85%d9%bc-%d8%b9%d9%84%d8%a7%d8%ac/
615[#] http://alemarahislam.com/2020/02/04/%d8%af%d9%86%da%93%db%8d-%d8%b3%d8%aa%d8%b1-%d8%b8%d8%a7%d9%84%d9%85%d8%a7%d9%86-%da%86%db%90-%d8%b3%d8%ae%d8%aa-%d8%b0%d9%84%db%8c%d9%84-%d8%b4%d9%88%d9%84/
616[#] http://alemarahislam.com/2020/02/04/%d8%af%d9%86%da%93%db%8d-%d8%b3%d8%aa%d8%b1-%d8%b8%d8%a7%d9%84%d9%85%d8%a7%d9%86-%da%86%db%90-%d8%b3%d8%ae%d8%aa-%d8%b0%d9%84%db%8c%d9%84-%d8%b4%d9%88%d9%84/
617[#] http://alemarahislam.com/2020/02/02/%d9%be%d9%87-%da%a9%d9%88%d8%b1%da%a9%db%90-%d9%84%d9%87-%d9%85%db%8c%d8%b1%d9%85%d9%86%d9%8a-%d8%b3%d8%b1%d9%87-%d9%84%d9%85%d9%88%d9%86%da%81-%d9%be%d9%87-%d8%ac%d9%85%d8%a7%d8%b9%d8%aa-%da%a9%d9%88/
618[#] http://alemarahislam.com/2020/02/02/%d9%be%d9%87-%da%a9%d9%88%d8%b1%da%a9%db%90-%d9%84%d9%87-%d9%85%db%8c%d8%b1%d9%85%d9%86%d9%8a-%d8%b3%d8%b1%d9%87-%d9%84%d9%85%d9%88%d9%86%da%81-%d9%be%d9%87-%d8%ac%d9%85%d8%a7%d8%b9%d8%aa-%da%a9%d9%88/
619[#] http://alemarahislam.com/2020/02/01/%d9%85%d8%ac%d8%a7%d9%87%d8%af-%d8%aa%d8%b1-%d9%bc%d9%88%d9%84%d9%88%d8%ba%d9%88%d8%b1%d9%87-%d9%85%d8%ae%d9%84%d9%88%d9%82/
620[#] http://alemarahislam.com/2020/02/01/%d9%85%d8%ac%d8%a7%d9%87%d8%af-%d8%aa%d8%b1-%d9%bc%d9%88%d9%84%d9%88%d8%ba%d9%88%d8%b1%d9%87-%d9%85%d8%ae%d9%84%d9%88%d9%82/
621[#] http://alemarahislam.com/2020/01/28/%d8%af%d8%b3%d8%a7%d9%85%d8%a7%d9%86-%d8%a2%d9%84%d8%a7%d8%aa%d9%88-%d9%be%d9%87-%d8%a7%d8%ae%db%8c%d8%b3%d8%aa%d9%84%d9%88-%d8%a8%d8%a7%d9%86%d8%af%d9%8a-%d8%af-%d8%aa%d8%ad%d9%81%db%90-%d9%88%d8%b1/
622[#] http://alemarahislam.com/2020/01/28/%d8%af%d8%b3%d8%a7%d9%85%d8%a7%d9%86-%d8%a2%d9%84%d8%a7%d8%aa%d9%88-%d9%be%d9%87-%d8%a7%d8%ae%db%8c%d8%b3%d8%aa%d9%84%d9%88-%d8%a8%d8%a7%d9%86%d8%af%d9%8a-%d8%af-%d8%aa%d8%ad%d9%81%db%90-%d9%88%d8%b1/
623[#] http://alemarahislam.com/2020/01/16/%d8%af%d8%a7%d9%84%d9%84%d9%87-%d8%aa%d8%b9%d8%a7%d9%84%db%8c-%d8%af%d9%84%d8%a7%d8%b1%d9%8a-%d8%b1%da%9a%d8%aa%d9%88%d9%86%db%8c-%d9%85%d8%ac%d8%a7%d9%87%d8%af/
624[#] http://alemarahislam.com/2020/01/16/%d8%af%d8%a7%d9%84%d9%84%d9%87-%d8%aa%d8%b9%d8%a7%d9%84%db%8c-%d8%af%d9%84%d8%a7%d8%b1%d9%8a-%d8%b1%da%9a%d8%aa%d9%88%d9%86%db%8c-%d9%85%d8%ac%d8%a7%d9%87%d8%af/
625[#] http://alemarahislam.com/2020/01/14/%d9%be%d9%87-%db%8c%d9%88%d9%87-%d9%84%d8%a7%d8%b3-%d9%be%d9%88%da%9a%d8%aa%d9%86%d9%87-%da%a9%d9%88%d9%84/
626[#] http://alemarahislam.com/2020/01/14/%d9%be%d9%87-%db%8c%d9%88%d9%87-%d9%84%d8%a7%d8%b3-%d9%be%d9%88%da%9a%d8%aa%d9%86%d9%87-%da%a9%d9%88%d9%84/
627[#] http://alemarahislam.com/2020/01/14/%d8%af-%d8%b5%d8%ad%d9%8a%d8%ad-%d9%86%d9%8a%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
628[#] http://alemarahislam.com/2020/01/14/%d8%af-%d8%b5%d8%ad%d9%8a%d8%ad-%d9%86%d9%8a%d8%aa-%d8%a7%d9%87%d9%85%d9%8a%d8%aa/
629[#] http://alemarahislam.com/2020/01/10/%d8%a2%db%8c%d8%a7-%d8%b9%d9%82%db%8c%d9%82%d8%a9-%d9%84%d9%87-%d8%a7%d9%88%d9%85%db%90-%d9%88%d8%b1%da%81%db%90-%d9%88%da%93%d8%a7%d9%86%d8%af%d9%8a-%da%a9%db%8c%d8%af%d9%84%d8%a7%db%8c-%d8%b4%d9%8a/
630[#] http://alemarahislam.com/2020/01/10/%d8%a2%db%8c%d8%a7-%d8%b9%d9%82%db%8c%d9%82%d8%a9-%d9%84%d9%87-%d8%a7%d9%88%d9%85%db%90-%d9%88%d8%b1%da%81%db%90-%d9%88%da%93%d8%a7%d9%86%d8%af%d9%8a-%da%a9%db%8c%d8%af%d9%84%d8%a7%db%8c-%d8%b4%d9%8a/
631[#] http://alemarahislam.com/2020/01/10/%d9%be%d9%87-%d8%af%d9%88%da%a9%d8%a7%d9%86-%da%a9%db%90-%d8%af-dummy-%db%8c%d8%a7-%d9%85%d8%ac%d8%b3%d9%85%db%90-%d8%a7%d8%b3%d8%aa%d8%b9%d9%85%d8%a7%d9%84/
632[#] http://alemarahislam.com/2020/01/10/%d9%be%d9%87-%d8%af%d9%88%da%a9%d8%a7%d9%86-%da%a9%db%90-%d8%af-dummy-%db%8c%d8%a7-%d9%85%d8%ac%d8%b3%d9%85%db%90-%d8%a7%d8%b3%d8%aa%d8%b9%d9%85%d8%a7%d9%84/
633[#] http://alemarahislam.com/2019/06/01/%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%af%da%9a%d8%a7%d8%b1%d8%b9%d8%a7%d9%85-%d9%86%d8%b1%d8%ae-%d8%a7%d8%b9%d8%aa%d8%a8%d8%a7%d8%b1%d9%84%d8%b1%d9%8a/
634[#] http://alemarahislam.com/2019/06/01/%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%af%da%9a%d8%a7%d8%b1%d8%b9%d8%a7%d9%85-%d9%86%d8%b1%d8%ae-%d8%a7%d8%b9%d8%aa%d8%a8%d8%a7%d8%b1%d9%84%d8%b1%d9%8a/
635[#] http://alemarahislam.com/2019/06/01/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d9%82%d8%af%d8%a7%d8%b1-%d8%a7%d9%88%da%85%d8%b1%d9%86%da%ab%d9%88%d8%a7%d9%84%db%8c/
636[#] http://alemarahislam.com/2019/06/01/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d9%82%d8%af%d8%a7%d8%b1-%d8%a7%d9%88%da%85%d8%b1%d9%86%da%ab%d9%88%d8%a7%d9%84%db%8c/
637[#] http://alemarahislam.com/2019/06/01/%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%a8%d9%87%d8%aa%d8%b1-%d8%af%d8%a7%d8%ac%d9%86%d8%a7%d8%b3%d9%88%d9%82%d9%8a%d9%85%d8%aa-%d8%af%d9%87/
638[#] http://alemarahislam.com/2019/06/01/%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%a8%d9%87%d8%aa%d8%b1-%d8%af%d8%a7%d8%ac%d9%86%d8%a7%d8%b3%d9%88%d9%82%d9%8a%d9%85%d8%aa-%d8%af%d9%87/
639[#] http://alemarahislam.com/2019/06/01/%d8%b4%d9%85%d8%aa%d9%86-%d8%ae%d9%84%da%ab-%d8%a8%d8%a7%d9%8a%d8%af-%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%af%d9%84%d9%88%da%93%d8%b4%d9%8a-%d9%82%d9%8a%d9%85%d8%aa-%d9%88/
640[#] http://alemarahislam.com/2019/06/01/%d8%b4%d9%85%d8%aa%d9%86-%d8%ae%d9%84%da%ab-%d8%a8%d8%a7%d9%8a%d8%af-%d9%be%d9%87-%d8%b3%d8%b1%d8%b3%d8%a7%d9%8a%d9%87-%da%a9%db%90-%d8%af%d9%84%d9%88%da%93%d8%b4%d9%8a-%d9%82%d9%8a%d9%85%d8%aa-%d9%88/
641[#] http://alemarahislam.com/2019/05/30/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d8%b3%d8%a7%d8%a6%d9%84/
642[#] http://alemarahislam.com/2019/05/30/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d8%b3%d8%a7%d8%a6%d9%84/
643[#] http://alemarahislam.com/2019/05/30/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d8%b3%d8%a7%d8%a6%d9%84-%db%b2/
644[#] http://alemarahislam.com/2019/05/30/%d8%af%d8%b5%d8%af%d9%82%d8%a9-%d8%a7%d9%84%d9%81%d8%b7%d8%b1-%d9%85%d8%b3%d8%a7%d8%a6%d9%84-%db%b2/
645[#] http://alemarahislam.com/2019/05/29/%d8%af%d9%82%d8%af%d8%b1%d8%b4%d9%be%d9%87-%da%a9%d9%84%d9%87-%d9%88%d9%8a-%d8%9f/
646[#] http://alemarahislam.com/2019/05/29/%d8%af%d9%82%d8%af%d8%b1%d8%b4%d9%be%d9%87-%da%a9%d9%84%d9%87-%d9%88%d9%8a-%d8%9f/
647[#] http://alemarahislam.com/2019/12/08/%d8%af%d9%85%d8%a7%d8%b4%d9%88%d9%85%d8%a7%d9%86%d9%88-%d8%af%d9%86%d9%88%d9%85%d9%88%d9%86%d9%88-%da%9a%d9%88%d8%af%d9%84%d9%88-%d9%81%d9%82%d9%87%d9%8a-%d9%85%d8%b3%d8%a7%d8%a6%d9%84/
648[#] http://alemarahislam.com/2019/12/08/%d8%af%d9%85%d8%a7%d8%b4%d9%88%d9%85%d8%a7%d9%86%d9%88-%d8%af%d9%86%d9%88%d9%85%d9%88%d9%86%d9%88-%da%9a%d9%88%d8%af%d9%84%d9%88-%d9%81%d9%82%d9%87%d9%8a-%d9%85%d8%b3%d8%a7%d8%a6%d9%84/
649[#] http://alemarahislam.com/2019/08/09/%d8%af%d8%b9%d8%b1%d9%81%d9%8a-%d9%88%d8%b1%da%81-%d8%a7%d9%88%d8%b2%d9%85%d9%88%da%96-%d8%b3%d9%84%d9%81/
650[#] http://alemarahislam.com/2019/08/09/%d8%af%d8%b9%d8%b1%d9%81%d9%8a-%d9%88%d8%b1%da%81-%d8%a7%d9%88%d8%b2%d9%85%d9%88%da%96-%d8%b3%d9%84%d9%81/
651[#] http://alemarahislam.com/2019/07/15/%d8%aa%d8%a7%d8%b3%d9%88-%d8%af%d8%a7-%d8%b3%d8%aa%d8%b1%d9%87-%d9%87%d8%b3%d8%aa%db%90-%d9%be%d9%8a%da%98%d9%86%d8%a6-%d8%9f/
652[#] http://alemarahislam.com/2019/07/15/%d8%aa%d8%a7%d8%b3%d9%88-%d8%af%d8%a7-%d8%b3%d8%aa%d8%b1%d9%87-%d9%87%d8%b3%d8%aa%db%90-%d9%be%d9%8a%da%98%d9%86%d8%a6-%d8%9f/
653[#] http://alemarahislam.com/2019/07/09/%da%85%d9%88-%d8%ba%d9%88%d8%b1%d9%87-%d8%a7%d9%88%d8%b9%d8%ac%db%8c%d8%a8%d9%87/
654[#] http://alemarahislam.com/2019/07/09/%da%85%d9%88-%d8%ba%d9%88%d8%b1%d9%87-%d8%a7%d9%88%d8%b9%d8%ac%db%8c%d8%a8%d9%87/
655[#] http://alemarahislam.com/2019/04/17/%d8%af%da%a9%d8%aa%d8%a7%d8%a8%d9%88%d9%86%d9%88-%d8%b3%d8%b1%d9%87-%d8%af%d9%85%d9%88%d9%85%d9%86%d8%a7%d9%86%d9%88-%d9%85%db%8c%d9%86%d9%87-%d8%a7%d9%88%d8%af%da%a9%d8%a7%d9%81%d8%b1%d8%a7%d9%86/
656[#] http://alemarahislam.com/2019/04/17/%d8%af%da%a9%d8%aa%d8%a7%d8%a8%d9%88%d9%86%d9%88-%d8%b3%d8%b1%d9%87-%d8%af%d9%85%d9%88%d9%85%d9%86%d8%a7%d9%86%d9%88-%d9%85%db%8c%d9%86%d9%87-%d8%a7%d9%88%d8%af%da%a9%d8%a7%d9%81%d8%b1%d8%a7%d9%86/
657[#] http://alemarahislam.com/2019/04/12/%d8%af%d9%85%d8%a7%d8%b4%d9%88%d9%85%d8%a7%d9%86%d9%88-%d9%be%d9%87-%d9%87%da%a9%d9%84%d9%87-%d8%af%d9%85%d9%88%d8%b1-%d8%a7%d9%88%d9%be%d9%84%d8%a7%d8%b1%da%81%db%8c%d9%86%d9%8a-%d9%87%db%8c%d8%b1/
658[#] http://alemarahislam.com/2019/04/12/%d8%af%d9%85%d8%a7%d8%b4%d9%88%d9%85%d8%a7%d9%86%d9%88-%d9%be%d9%87-%d9%87%da%a9%d9%84%d9%87-%d8%af%d9%85%d9%88%d8%b1-%d8%a7%d9%88%d9%be%d9%84%d8%a7%d8%b1%da%81%db%8c%d9%86%d9%8a-%d9%87%db%8c%d8%b1/
659[#] http://alemarahislam.com/category/%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88-%d8%b3%d8%a7%db%8c%d9%86%d8%b3/
660[#] http://alemarahislam.com/2016/10/02/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88-%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%d9%8a-%db%b4/
661[#] http://alemarahislam.com/2016/10/02/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88-%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%d9%8a-%db%b4/
662[#] http://alemarahislam.com/2016/09/26/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b3-%d8%a8%d8%b1%d8%ae%d9%87/
663[#] http://alemarahislam.com/2016/09/26/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b3-%d8%a8%d8%b1%d8%ae%d9%87/
664[#] http://alemarahislam.com/2016/09/20/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b2-%d8%a8%d8%b1%d8%ae%d9%87/
665[#] http://alemarahislam.com/2016/09/20/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b2-%d8%a8%d8%b1%d8%ae%d9%87/
666[#] http://alemarahislam.com/2016/09/18/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b1/
667[#] http://alemarahislam.com/2016/09/18/%d8%b1%d8%a7%d9%86%d8%ac%d9%87-%d8%b3%d8%b1%d9%85%d9%87-%d9%be%d9%87-%d8%a7%d8%b3%d9%84%d8%a7%d9%85-%d8%a7%d9%88%d8%b3%d8%a7%db%8c%d9%86%d8%b3-%da%a9%db%90-%db%b1/
668[#] http://alemarahislam.com/2016/06/23/2067/
669[#] http://alemarahislam.com/2016/06/23/2067/
670[#] http://alemarahislam.com/2016/06/22/%d8%af-%d8%b1%d9%88%da%98%db%90-%d8%b7%d8%a8%d9%8a-%da%ab%d9%bc%d9%8a-%db%b1%db%b6-%d8%a8%d8%b1%d8%ae%d9%87/
671[#] http://alemarahislam.com/2016/06/22/%d8%af-%d8%b1%d9%88%da%98%db%90-%d8%b7%d8%a8%d9%8a-%da%ab%d9%bc%d9%8a-%db%b1%db%b6-%d8%a8%d8%b1%d8%ae%d9%87/
672[#] http://alemarahislam.com/2016/06/22/%d8%af-%d8%b1%d9%88%da%98%db%90-%d8%b7%d8%a8%d9%8a-%da%ab%d9%bc%db%90-%db%b1%db%b5-%d8%a8%d8%b1%d8%ae%d9%87/
709--------------------------------------------------
710[#] Mapping Subdomain..
711[-] No Any Subdomain Found
712[!] Found 0 Subdomain
713--------------------------------------------------
714[!] Done At 2020-02-07 06:47:42.475098
715###################################################################################################################################
716Trying "islam-iea.com"
717;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37790
718;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4
719
720;; QUESTION SECTION:
721;islam-iea.com. IN ANY
722
723;; ANSWER SECTION:
724islam-iea.com. 3600 IN SOA ns1.afraid.org. dnsadmin.afraid.org. 1906160001 86400 7200 2419200 3600
725islam-iea.com. 3600 IN A 141.105.65.111
726islam-iea.com. 3600 IN NS ns2.afraid.org.
727islam-iea.com. 3600 IN NS ns3.afraid.org.
728islam-iea.com. 3600 IN NS ns1.afraid.org.
729islam-iea.com. 3600 IN NS ns4.afraid.org.
730
731;; ADDITIONAL SECTION:
732ns4.afraid.org. 5155 IN A 174.128.246.102
733ns3.afraid.org. 5155 IN A 69.197.18.161
734ns1.afraid.org. 5155 IN A 50.23.197.94
735ns1.afraid.org. 5155 IN AAAA 2607:f0d0:1102:d5::2
736
737Received 250 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 99 ms
738###################################################################################################################################
739; <<>> DiG 9.11.14-3-Debian <<>> +trace islam-iea.com any
740;; global options: +cmd
741. 81896 IN NS k.root-servers.net.
742. 81896 IN NS f.root-servers.net.
743. 81896 IN NS h.root-servers.net.
744. 81896 IN NS m.root-servers.net.
745. 81896 IN NS i.root-servers.net.
746. 81896 IN NS l.root-servers.net.
747. 81896 IN NS d.root-servers.net.
748. 81896 IN NS b.root-servers.net.
749. 81896 IN NS j.root-servers.net.
750. 81896 IN NS e.root-servers.net.
751. 81896 IN NS a.root-servers.net.
752. 81896 IN NS g.root-servers.net.
753. 81896 IN NS c.root-servers.net.
754. 81896 IN RRSIG NS 8 0 518400 20200220050000 20200207040000 33853 . RyXMAWX16DVcDHO5NmFT3hLbyih5Pyn6hAORrNRLD5A3Jaoj91ll+3IW R1UPNDw7Y6YaC/H3eETAl4ZiN4ROkhMt8tW3UJW319EE0HU7iATntMq4 6TRnercwnY4nbti+Cu8nU4PzydvjKYKiZ1ZZaK7v0HAFxG6fg/X/HVrO 1kVFDa58xA9NkAp8VkERMVnGQNrGle/B8A2fQJ+2hsAovjF5dVsn2GdV k0YbPQwwnApDPaTt4EsyLj1Kbmg1vW9SywEcb6GRU1qL8Tfnz/A8HE6C hr0cdM+FEWmhdxeOzjCwdORCGl3UewnieJCojyuVCLdsxsUW11HBCp2f m3NVMg==
755;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 598 ms
756
757com. 172800 IN NS a.gtld-servers.net.
758com. 172800 IN NS b.gtld-servers.net.
759com. 172800 IN NS c.gtld-servers.net.
760com. 172800 IN NS d.gtld-servers.net.
761com. 172800 IN NS e.gtld-servers.net.
762com. 172800 IN NS f.gtld-servers.net.
763com. 172800 IN NS g.gtld-servers.net.
764com. 172800 IN NS h.gtld-servers.net.
765com. 172800 IN NS i.gtld-servers.net.
766com. 172800 IN NS j.gtld-servers.net.
767com. 172800 IN NS k.gtld-servers.net.
768com. 172800 IN NS l.gtld-servers.net.
769com. 172800 IN NS m.gtld-servers.net.
770com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
771com. 86400 IN RRSIG DS 8 1 86400 20200220050000 20200207040000 33853 . JR4iqEf7R3PAakTiHl0otqK1cemgXcvKVuTKe6emyJIyLAx5UdovCTuC g5rlcoVmf/dpL9erPIVctRjWeOH9ESho6wI2bNaRum2QRXmRNsW3WeAQ SJ4+Ttb5wO+Zn+NAFObvrJM3NwIL7Yd/sU0h/OJStBjwjG+lg8YEGIn8 c5KM5joomV9/VHMNGB2gzTYzCqEMOzIjXxWL//7ywhPOVuT+RLN5ybH4 m4P7go8HEp39rJo0G9A4E70tufy6w5N1CVQrCCqXJFAGS0OYTMnfSX4M yjYrf2qs0A3b8Mf4d92LZxiepTjQ05VSVHmkxq4E156ZDRNwCBPEkbE0 a/EilQ==
772;; Received 1173 bytes from 2001:500:2d::d#53(d.root-servers.net) in 26 ms
773
774islam-iea.com. 172800 IN NS ns1.afraid.org.
775islam-iea.com. 172800 IN NS ns2.afraid.org.
776CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
777CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200211054933 20200204043933 56311 com. H+HDhOXBkI+NMVaaxXZsw/ERS7W1IhNq9DDr9qAGHf+Ko+gTyRnIWc5v G5BqvPTaFdDXCHbaN17wBd/4U+3wSLBYlYnIhqKoP9XxMYrPCcun+v3Q 7ndm9Kiw0WsKG7faAi/WvOWmSnq6GcQGe2vv4L3575UWFhcf/qFEKv8t dyab7fbMtw7o3rVeH1TBTshIFaIB7sTspPBZny0pmmLrUw==
77822D4G10UPEEOVVLOHMIMC9H5TQPD7M0F.com. 86400 IN NSEC3 1 1 0 - 22D4SVD0JHQKIAIDD204V5GIKCN13TSR NS DS RRSIG
77922D4G10UPEEOVVLOHMIMC9H5TQPD7M0F.com. 86400 IN RRSIG NSEC3 8 2 86400 20200212064544 20200205053544 56311 com. Z9YmXK9yxhf7Hoq69HXzPAgmcHIxAqfZ7iEQI64KUUdP3PVV+G9YGNLM lNjM7x1Fq3G39DTYiy80Z84wujy9elhfN+cBImXRD7G0kPbJSlUcr+O5 sEEx2jZTl/PntgukzNu+YqfYVSPQynqbgNQ+xD2+iXKRfgH/8fK4Nat6 mmougDz5r+7wkvDoEvnwk1xPsZkbT+hgT/F9Om29mwT5DA==
780;; Received 637 bytes from 192.42.93.30#53(g.gtld-servers.net) in 361 ms
781
782;; communications error to 2001:1850:1:5:800::6b#53: connection reset
783###################################################################################################################################
784[*] Performing General Enumeration of Domain: islam-iea.com
785[-] DNSSEC is not configured for islam-iea.com
786[*] SOA ns1.afraid.org 50.23.197.94
787[*] NS ns2.afraid.org 69.65.50.192
788[*] Bind Version for 69.65.50.192 unknown
789[*] NS ns2.afraid.org 2001:1850:1:5:800::6b
790[*] Bind Version for 2001:1850:1:5:800::6b unknown
791[*] NS ns4.afraid.org 174.128.246.102
792[*] Bind Version for 174.128.246.102 unknown
793[*] NS ns4.afraid.org 2610:150:bddb:d271::2
794[*] Bind Version for 2610:150:bddb:d271::2 unknown
795[*] NS ns3.afraid.org 69.197.18.161
796[*] NS ns1.afraid.org 50.23.197.94
797[*] NS ns1.afraid.org 2607:f0d0:1102:d5::2
798[*] Bind Version for 2607:f0d0:1102:d5::2 unknown
799[-] Could not Resolve MX Records for islam-iea.com
800[*] A islam-iea.com 141.105.65.111
801[*] Enumerating SRV Records
802[-] No SRV Records Found for islam-iea.com
803[+] 0 Records Found
804###################################################################################################################################
805 AVAILABLE PLUGINS
806 -----------------
807
808 SessionResumptionPlugin
809 FallbackScsvPlugin
810 SessionRenegotiationPlugin
811 HeartbleedPlugin
812 CertificateInfoPlugin
813 OpenSslCcsInjectionPlugin
814 EarlyDataPlugin
815 HttpHeadersPlugin
816 CompressionPlugin
817 RobotPlugin
818 OpenSslCipherSuitesPlugin
819
820
821
822 CHECKING HOST(S) AVAILABILITY
823 -----------------------------
824
825 141.105.65.111:443 => 141.105.65.111
826
827
828
829
830 SCAN RESULTS FOR 141.105.65.111:443 - 141.105.65.111
831 ----------------------------------------------------
832
833 * OpenSSL CCS Injection:
834 OK - Not vulnerable to OpenSSL CCS injection
835
836 * TLS 1.2 Session Resumption Support:
837 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
838 With TLS Tickets: OK - Supported
839
840 * TLSV1 Cipher Suites:
841 Forward Secrecy OK - Supported
842 RC4 OK - Not Supported
843
844 Preferred:
845 None - Server followed client cipher suite preference.
846 Accepted:
847 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
848 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
849 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
850 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
851 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
852 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
853
854 * TLSV1_1 Cipher Suites:
855 Forward Secrecy OK - Supported
856 RC4 OK - Not Supported
857
858 Preferred:
859 None - Server followed client cipher suite preference.
860 Accepted:
861 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
862 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
863 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
864 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
865 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
866 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
867
868 * Downgrade Attacks:
869 TLS_FALLBACK_SCSV: OK - Supported
870
871 * Session Renegotiation:
872 Client-initiated Renegotiation: OK - Rejected
873 Secure Renegotiation: OK - Supported
874
875 * SSLV3 Cipher Suites:
876 Server rejected all cipher suites.
877
878 * OpenSSL Heartbleed:
879 OK - Not vulnerable to Heartbleed
880
881 * SSLV2 Cipher Suites:
882 Server rejected all cipher suites.
883
884 * Deflate Compression:
885 OK - Compression disabled
886
887 * TLSV1_3 Cipher Suites:
888 Server rejected all cipher suites.
889
890 * Certificate Information:
891 Content
892 SHA1 Fingerprint: da297db69f7ed2172872930fd8d4b2814f3e68a1
893 Common Name: alemaraharabi.com
894 Issuer: cPanel, Inc. Certification Authority
895 Serial Number: 72975383864903095510191449671552265464
896 Not Before: 2019-03-21 00:00:00
897 Not After: 2019-06-19 23:59:59
898 Signature Algorithm: sha256
899 Public Key Algorithm: RSA
900 Key Size: 2048
901 Exponent: 65537 (0x10001)
902 DNS Subject Alternative Names: ['alemaraharabi.com', 'mail.alemaraharabi.com', 'www.alemaraharabi.com']
903
904 Trust
905 Hostname Validation: FAILED - Certificate does NOT match 141.105.65.111
906 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: certificate has expired
907 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: certificate has expired
908 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: certificate has expired
909 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: certificate has expired
910 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: certificate has expired
911 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
912 Received Chain: alemaraharabi.com --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
913 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
914 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
915 Received Chain Order: OK - Order is valid
916 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
917
918 Extensions
919 OCSP Must-Staple: NOT SUPPORTED - Extension not found
920 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
921
922 OCSP Stapling
923 NOT SUPPORTED - Server did not send back an OCSP response
924
925 * ROBOT Attack:
926 OK - Not vulnerable
927
928 * TLSV1_2 Cipher Suites:
929 Forward Secrecy OK - Supported
930 RC4 OK - Not Supported
931
932 Preferred:
933 None - Server followed client cipher suite preference.
934 Accepted:
935 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
936 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
937 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
938 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
939 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
940 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
941 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
942 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
943 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
944 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
945 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
946 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
947 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
948 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
949 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
950 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
951 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
952 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
953
954
955 SCAN COMPLETED IN 51.23 S
956 -------------------------
957###################################################################################################################################
958Domains still to check: 1
959 Checking if the hostname islam-iea.com. given is in fact a domain...
960
961Analyzing domain: islam-iea.com.
962 Checking NameServers using system default resolver...
963 IP: 69.65.50.192 (United States)
964 HostName: ns2.afraid.org Type: NS
965 HostName: ns2.afraid.org Type: PTR
966 IP: 174.128.246.102 (United States)
967 HostName: ns4.afraid.org Type: NS
968 IP: 69.197.18.161 (United States)
969 HostName: ns3.afraid.org Type: NS
970 HostName: ns3.afraid.org Type: PTR
971 IP: 50.23.197.94 (United States)
972 HostName: ns1.afraid.org Type: NS
973 HostName: ns1.afraid.org Type: PTR
974
975 Checking MailServers using system default resolver...
976 WARNING!! There are no MX records for this domain
977
978 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
979^C No zone transfer found on nameserver 69.197.18.161
980^C No zone transfer found on nameserver 50.23.197.94
981
982 No zone transfer found on nameserver 174.128.246.102
983 No zone transfer found on nameserver 69.65.50.192
984
985 Checking SPF record...
986 No SPF record
987
988 Checking 192 most common hostnames using system default resolver...
989 IP: 141.105.65.111 (Russian Federation)
990 HostName: www.islam-iea.com. Type: A
991
992 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
993 Checking netblock 69.197.18.0
994 Checking netblock 50.23.197.0
995 Checking netblock 141.105.65.0
996 Checking netblock 174.128.246.0
997 Checking netblock 69.65.50.0
998
999 Searching for islam-iea.com. emails in Google
1000
1001 Checking 5 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1002 Host 69.197.18.161 is up (reset ttl 64)
1003 Host 50.23.197.94 is up (reset ttl 64)
1004 Host 141.105.65.111 is up (reset ttl 64)
1005 Host 174.128.246.102 is up (reset ttl 64)
1006 Host 69.65.50.192 is up (reset ttl 64)
1007
1008 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1009 Scanning ip 69.197.18.161 (ns3.afraid.org (PTR)):
1010 Scanning ip 50.23.197.94 (ns1.afraid.org (PTR)):
1011 Scanning ip 141.105.65.111 (www.islam-iea.com.):
1012 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
1013 |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1014 53/tcp open domain syn-ack ttl 54 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1015 | dns-nsid:
1016 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
1017 80/tcp open http syn-ack ttl 52 Apache httpd
1018 | http-methods:
1019 |_ Supported Methods: HEAD GET POST OPTIONS
1020 |_http-server-header: Apache
1021 |_http-title: Site doesn't have a title (text/html).
1022 110/tcp open pop3 syn-ack ttl 54 Dovecot pop3d
1023 |_pop3-capabilities: PIPELINING CAPA RESP-CODES SASL(PLAIN LOGIN) TOP AUTH-RESP-CODE USER UIDL STLS
1024 |_ssl-date: 2020-02-07T12:02:54+00:00; -12s from scanner time.
1025 143/tcp open imap syn-ack ttl 53 Dovecot imapd
1026 |_imap-capabilities: IMAP4rev1 LOGIN-REFERRALS ID IDLE OK post-login AUTH=PLAIN capabilities more ENABLE AUTH=LOGINA0001 listed have STARTTLS LITERAL+ Pre-login SASL-IR NAMESPACE
1027 |_ssl-date: 2020-02-07T12:02:54+00:00; -12s from scanner time.
1028 443/tcp open ssl/http syn-ack ttl 55 Apache httpd
1029 | http-methods:
1030 |_ Supported Methods: HEAD
1031 |_http-server-header: Apache
1032 |_http-title: 400 Bad Request
1033 | ssl-cert: Subject: commonName=alemaraharabi.com
1034 | Subject Alternative Name: DNS:alemaraharabi.com, DNS:mail.alemaraharabi.com, DNS:www.alemaraharabi.com
1035 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1036 | Public Key type: rsa
1037 | Public Key bits: 2048
1038 | Signature Algorithm: sha256WithRSAEncryption
1039 | Not valid before: 2019-03-21T00:00:00
1040 | Not valid after: 2019-06-19T23:59:59
1041 | MD5: 0739 f74d 130e 5431 28d2 b8cd 20d1 918b
1042 |_SHA-1: da29 7db6 9f7e d217 2872 930f d8d4 b281 4f3e 68a1
1043 |_ssl-date: TLS randomness does not represent time
1044 | tls-alpn:
1045 |_ http/1.1
1046 465/tcp open ssl/smtp syn-ack ttl 54 Exim smtpd 4.92
1047 | smtp-commands: server.mylittle.com Hello nmap.scanme.org [160.116.0.163], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1048 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1049 | ssl-cert: Subject: commonName=server.mylittle.com
1050 | Subject Alternative Name: DNS:server.mylittle.com
1051 | Issuer: commonName=server.mylittle.com
1052 | Public Key type: rsa
1053 | Public Key bits: 2048
1054 | Signature Algorithm: sha256WithRSAEncryption
1055 | Not valid before: 2019-11-06T08:03:18
1056 | Not valid after: 2020-11-05T08:03:18
1057 | MD5: 9bb9 0c5d c084 7fa7 fb95 99e1 58de 602e
1058 |_SHA-1: 0164 c428 4f85 0946 bbd6 d463 7dba 4857 6140 9c60
1059 |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1060 | vulners:
1061 | cpe:/a:exim:exim:4.92:
1062 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1063 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1064 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
1065 | smtp-commands: server.mylittle.com Hello nmap.scanme.org [160.116.0.163], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1066 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1067 |_ssl-date: 2020-02-07T12:03:01+00:00; -12s from scanner time.
1068 | vulners:
1069 | cpe:/a:exim:exim:4.92:
1070 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1071 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1072 993/tcp open ssl/imaps? syn-ack ttl 53
1073 |_ssl-date: 2020-02-07T12:02:54+00:00; -11s from scanner time.
1074 995/tcp open ssl/pop3s? syn-ack ttl 54
1075 |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1076 OS Info: Service Info: Host: server.mylittle.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1077 |_clock-skew: mean: -12s, deviation: 0s, median: -12s
1078 Scanning ip 174.128.246.102 (ns4.afraid.org):
1079 53/tcp open domain syn-ack ttl 55 (unknown banner: unknown)
1080 | dns-nsid:
1081 |_ bind.version: unknown
1082 | fingerprint-strings:
1083 | DNSVersionBindReqTCP:
1084 | version
1085 | bind
1086 |_ unknown
1087 Scanning ip 69.65.50.192 (ns2.afraid.org (PTR)):
1088 53/tcp open domain syn-ack ttl 51 (unknown banner: unknown)
1089 | dns-nsid:
1090 |_ bind.version: unknown
1091 | fingerprint-strings:
1092 | DNSVersionBindReqTCP:
1093 | version
1094 | bind
1095 |_ unknown
1096 WebCrawling domain's web servers... up to 50 max links.
1097
1098 + URL to crawl: http://www.islam-iea.com.
1099 + Date: 2020-02-07
1100
1101 + Crawling URL: http://www.islam-iea.com.:
1102 + Links:
1103 + Crawling http://www.islam-iea.com. (timed out)
1104 + Searching for directories...
1105 + Searching open folders...
1106
1107
1108 + URL to crawl: https://www.islam-iea.com.
1109 + Date: 2020-02-07
1110
1111 + Crawling URL: https://www.islam-iea.com.:
1112 + Links:
1113 + Crawling https://www.islam-iea.com. (timed out)
1114 + Searching for directories...
1115 + Searching open folders...
1116
1117--Finished--
1118Summary information for domain islam-iea.com.
1119-----------------------------------------
1120
1121 Domain Ips Information:
1122 IP: 69.197.18.161
1123 HostName: ns3.afraid.org Type: NS
1124 HostName: ns3.afraid.org Type: PTR
1125 Country: United States
1126 Is Active: True (reset ttl 64)
1127 IP: 50.23.197.94
1128 HostName: ns1.afraid.org Type: NS
1129 HostName: ns1.afraid.org Type: PTR
1130 Country: United States
1131 Is Active: True (reset ttl 64)
1132 IP: 141.105.65.111
1133 HostName: www.islam-iea.com. Type: A
1134 Country: Russian Federation
1135 Is Active: True (reset ttl 64)
1136 Port: 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
1137 Script Info: |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1138 Port: 53/tcp open domain syn-ack ttl 54 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1139 Script Info: | dns-nsid:
1140 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
1141 Port: 80/tcp open http syn-ack ttl 52 Apache httpd
1142 Script Info: | http-methods:
1143 Script Info: |_ Supported Methods: HEAD GET POST OPTIONS
1144 Script Info: |_http-server-header: Apache
1145 Script Info: |_http-title: Site doesn't have a title (text/html).
1146 Port: 110/tcp open pop3 syn-ack ttl 54 Dovecot pop3d
1147 Script Info: |_pop3-capabilities: PIPELINING CAPA RESP-CODES SASL(PLAIN LOGIN) TOP AUTH-RESP-CODE USER UIDL STLS
1148 Script Info: |_ssl-date: 2020-02-07T12:02:54+00:00; -12s from scanner time.
1149 Port: 143/tcp open imap syn-ack ttl 53 Dovecot imapd
1150 Script Info: |_imap-capabilities: IMAP4rev1 LOGIN-REFERRALS ID IDLE OK post-login AUTH=PLAIN capabilities more ENABLE AUTH=LOGINA0001 listed have STARTTLS LITERAL+ Pre-login SASL-IR NAMESPACE
1151 Script Info: |_ssl-date: 2020-02-07T12:02:54+00:00; -12s from scanner time.
1152 Port: 443/tcp open ssl/http syn-ack ttl 55 Apache httpd
1153 Script Info: | http-methods:
1154 Script Info: |_ Supported Methods: HEAD
1155 Script Info: |_http-server-header: Apache
1156 Script Info: |_http-title: 400 Bad Request
1157 Script Info: | ssl-cert: Subject: commonName=alemaraharabi.com
1158 Script Info: | Subject Alternative Name: DNS:alemaraharabi.com, DNS:mail.alemaraharabi.com, DNS:www.alemaraharabi.com
1159 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1160 Script Info: | Public Key type: rsa
1161 Script Info: | Public Key bits: 2048
1162 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1163 Script Info: | Not valid before: 2019-03-21T00:00:00
1164 Script Info: | Not valid after: 2019-06-19T23:59:59
1165 Script Info: | MD5: 0739 f74d 130e 5431 28d2 b8cd 20d1 918b
1166 Script Info: |_SHA-1: da29 7db6 9f7e d217 2872 930f d8d4 b281 4f3e 68a1
1167 Script Info: |_ssl-date: TLS randomness does not represent time
1168 Script Info: | tls-alpn:
1169 Script Info: |_ http/1.1
1170 Port: 465/tcp open ssl/smtp syn-ack ttl 54 Exim smtpd 4.92
1171 Script Info: | smtp-commands: server.mylittle.com Hello nmap.scanme.org [160.116.0.163], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1172 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1173 Script Info: | ssl-cert: Subject: commonName=server.mylittle.com
1174 Script Info: | Subject Alternative Name: DNS:server.mylittle.com
1175 Script Info: | Issuer: commonName=server.mylittle.com
1176 Script Info: | Public Key type: rsa
1177 Script Info: | Public Key bits: 2048
1178 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1179 Script Info: | Not valid before: 2019-11-06T08:03:18
1180 Script Info: | Not valid after: 2020-11-05T08:03:18
1181 Script Info: | MD5: 9bb9 0c5d c084 7fa7 fb95 99e1 58de 602e
1182 Script Info: |_SHA-1: 0164 c428 4f85 0946 bbd6 d463 7dba 4857 6140 9c60
1183 Script Info: |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1184 Script Info: | vulners:
1185 Script Info: | cpe:/a:exim:exim:4.92:
1186 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1187 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1188 Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
1189 Script Info: | smtp-commands: server.mylittle.com Hello nmap.scanme.org [160.116.0.163], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1190 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1191 Script Info: |_ssl-date: 2020-02-07T12:03:01+00:00; -12s from scanner time.
1192 Script Info: | vulners:
1193 Script Info: | cpe:/a:exim:exim:4.92:
1194 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1195 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1196 Port: 993/tcp open ssl/imaps? syn-ack ttl 53
1197 Script Info: |_ssl-date: 2020-02-07T12:02:54+00:00; -11s from scanner time.
1198 Port: 995/tcp open ssl/pop3s? syn-ack ttl 54
1199 Script Info: |_ssl-date: 2020-02-07T12:02:53+00:00; -12s from scanner time.
1200 Os Info: Host: server.mylittle.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1201 Script Info: |_clock-skew: mean: -12s, deviation: 0s, median: -12s
1202 IP: 174.128.246.102
1203 HostName: ns4.afraid.org Type: NS
1204 Country: United States
1205 Is Active: True (reset ttl 64)
1206 Port: 53/tcp open domain syn-ack ttl 55 (unknown banner: unknown)
1207 Script Info: | dns-nsid:
1208 Script Info: |_ bind.version: unknown
1209 Script Info: | fingerprint-strings:
1210 Script Info: | DNSVersionBindReqTCP:
1211 Script Info: | version
1212 Script Info: | bind
1213 Script Info: |_ unknown
1214 IP: 69.65.50.192
1215 HostName: ns2.afraid.org Type: NS
1216 HostName: ns2.afraid.org Type: PTR
1217 Country: United States
1218 Is Active: True (reset ttl 64)
1219 Port: 53/tcp open domain syn-ack ttl 51 (unknown banner: unknown)
1220 Script Info: | dns-nsid:
1221 Script Info: |_ bind.version: unknown
1222 Script Info: | fingerprint-strings:
1223 Script Info: | DNSVersionBindReqTCP:
1224 Script Info: | version
1225 Script Info: | bind
1226 Script Info: |_ unknown
1227
1228--------------End Summary --------------
1229-----------------------------------------
1230###################################################################################################################################
1231----- islam-iea.com -----
1232
1233
1234Host's addresses:
1235__________________
1236
1237islam-iea.com. 1647 IN A 141.105.65.111
1238
1239
1240Name Servers:
1241______________
1242
1243ns4.afraid.org. 85881 IN A 174.128.246.102
1244ns3.afraid.org. 85881 IN A 69.197.18.161
1245ns2.afraid.org. 85881 IN A 69.65.50.192
1246ns1.afraid.org. 85879 IN A 50.23.197.94
1247
1248
1249Mail (MX) Servers:
1250___________________
1251
1252
1253Brute forcing with /usr/share/dnsenum/dns.txt:
1254_______________________________________________
1255
1256www.islam-iea.com. 1434 IN A 141.105.65.111
1257
1258
1259Launching Whois Queries:
1260_________________________
1261
1262 whois ip result: 141.105.65.0 -> 141.105.65.0/24
1263
1264
1265islam-iea.com_____________
1266
1267 141.105.65.0/24
1268
1269###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:36 EST
Nmap scan report for 141.105.65.111
Host is up (0.20s latency).
Not shown: 462 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-cert: Subject: commonName=server.mylittle.com
| Subject Alternative Name: DNS:server.mylittle.com
| Not valid before: 2019-11-06T08:03:18
|_Not valid after: 2020-11-05T08:03:18
|_ssl-date: 2020-02-07T12:37:32+00:00; -11s from scanner time.
53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
| dns-nsid:
|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: PIPELINING USER AUTH-RESP-CODE SASL(PLAIN LOGIN) UIDL TOP RESP-CODES STLS CAPA
|_ssl-date: 2020-02-07T12:37:32+00:00; -12s from scanner time.
143/tcp open imap Dovecot imapd
|_imap-capabilities: listed IDLE SASL-IR LOGIN-REFERRALS post-login AUTH=LOGINA0001 Pre-login ID OK more ENABLE IMAP4rev1 have STARTTLS NAMESPACE AUTH=PLAIN LITERAL+ capabilities
|_ssl-date: 2020-02-07T12:37:32+00:00; -11s from scanner time.
443/tcp open ssl/http Apache httpd
|_http-generator: WordPress 5.2.2
|_http-server-header: Apache
| ssl-cert: Subject: commonName=alemaraharabi.com
| Subject Alternative Name: DNS:alemaraharabi.com, DNS:mail.alemaraharabi.com, DNS:www.alemaraharabi.com
| Not valid before: 2019-03-21T00:00:00
|_Not valid after: 2019-06-19T23:59:59
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
465/tcp open ssl/smtp Exim smtpd 4.92
|_smtp-commands: Couldn't establish connection on port 465
| ssl-cert: Subject: commonName=server.mylittle.com
| Subject Alternative Name: DNS:server.mylittle.com
| Not valid before: 2019-11-06T08:03:18
|_Not valid after: 2020-11-05T08:03:18
|_ssl-date: 2020-02-07T12:37:31+00:00; -12s from scanner time.
| vulners:
| cpe:/a:exim:exim:4.92:
| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
587/tcp open smtp Exim smtpd 4.92
| smtp-commands: server.mylittle.com Hello nmap.scanme.org [104.245.144.141], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=server.mylittle.com
| Subject Alternative Name: DNS:server.mylittle.com
| Not valid before: 2019-11-06T08:03:18
|_Not valid after: 2020-11-05T08:03:18
| vulners:
| cpe:/a:exim:exim:4.92:
| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
993/tcp open ssl/imaps?
|_ssl-date: 2020-02-07T12:37:32+00:00; -11s from scanner time.
995/tcp open ssl/pop3s?
|_ssl-date: 2020-02-07T12:37:31+00:00; -12s from scanner time.
Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 or 3.10 (93%), Linux 2.6.39 (93%), Linux 3.4 (93%), WatchGuard Fireware 11.8 (93%), Synology DiskStation Manager 5.1 (92%), Linux 3.1 - 3.2 (92%), Linux 3.10 (91%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.32 - 3.0 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops
Service Info: Host: server.mylittle.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6

Host script results:
|_clock-skew: mean: -11s, deviation: 0s, median: -12s

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 103.21 ms 10.243.204.1
2 133.07 ms R43.static.amanah.com (104.245.144.129)
3 133.11 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 133.13 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 133.11 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6 133.15 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 209.26 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 209.29 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 209.31 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 133.23 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 132.19 ms 154.25.9.46
12 166.39 ms 149.14.68.166
13 ...
14 237.29 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 237.35 ms 91.218.245.202
16 206.51 ms 141.105.65.111
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:40 EST
Nmap scan report for 141.105.65.111
Host is up (0.17s latency).
Not shown: 14 filtered ports, 1 closed port
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
53/udp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
| dns-nsid:
|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 2.6.32 (89%), Linux 2.6.32 - 3.1 (89%), Linux 2.6.32 - 3.13 (89%), Linux 2.6.32 or 3.10 (88%), WatchGuard Fireware 11.8 (88%), Synology DiskStation Manager 5.1 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.39 (87%), Linux 3.10 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 61.07 ms 10.243.204.1
2 90.93 ms R43.static.amanah.com (104.245.144.129)
3 90.95 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 90.97 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 90.97 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
6 91.00 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
7 161.30 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8 161.32 ms be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70)
9 161.35 ms be2814.ccr42.fra03.atlas.cogentco.com (130.117.0.142)
10 161.35 ms be2846.rcr22.fra06.atlas.cogentco.com (154.54.37.30)
11 152.00 ms 154.25.9.46
12 177.60 ms 149.14.68.166
13 ...
14 307.99 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 247.82 ms 91.218.245.202
16 217.18 ms 141.105.65.111
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:44 EST
Nmap scan report for 141.105.65.111
Host is up (0.21s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|storage-misc|VoIP phone
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 3.10 (89%), Linux 3.4 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 101.45 ms 10.243.204.1
2 135.00 ms R43.static.amanah.com (104.245.144.129)
3 135.04 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 135.04 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 135.04 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
6 135.07 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
7 213.12 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8 213.15 ms be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70)
9 213.17 ms be2814.ccr42.fra03.atlas.cogentco.com (130.117.0.142)
10 135.15 ms be2846.rcr22.fra06.atlas.cogentco.com (154.54.37.30)
11 131.69 ms 154.25.9.46
12 166.44 ms 149.14.68.166
13 ...
14 207.15 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 237.49 ms 91.218.245.202
16 237.46 ms 141.105.65.111
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:55 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-blacklist:
| SPAM
|_ bl.nszones.com - SPAM
|_dns-brute: Can't guess domain of "141.105.65.111"; use dns-brute.domain script argument.

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 60.99 ms 10.243.204.1
2 90.93 ms R43.static.amanah.com (104.245.144.129)
3 91.01 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 91.04 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 91.01 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 91.07 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 154.63 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 154.68 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 188.88 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 124.96 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 147.60 ms 154.25.9.46
12 157.94 ms 149.14.68.166
13 197.49 ms mskn17ra-lo1.transtelecom.net (217.150.55.21)
14 227.25 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 338.19 ms 91.218.245.202
16 ... 30
##################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:56 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
67/tcp filtered dhcps
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 59.39 ms 10.243.204.1
2 91.33 ms R43.static.amanah.com (104.245.144.129)
3 91.40 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 91.43 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 91.41 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 91.47 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 161.36 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 161.42 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 161.45 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 131.43 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 130.25 ms 154.25.9.46
12 124.07 ms 149.14.68.166
13 216.79 ms mskn17ra-lo1.transtelecom.net (217.150.55.21)
14 202.51 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 287.57 ms 91.218.245.202
16 ... 30
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:58 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
68/tcp filtered dhcpc
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 103.51 ms 10.243.204.1
2 133.25 ms R43.static.amanah.com (104.245.144.129)
3 133.29 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 133.31 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 133.29 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 133.33 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 180.83 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 211.37 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 211.40 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 133.39 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 130.04 ms 154.25.9.46
12 164.21 ms 149.14.68.166
13 203.96 ms mskn17ra-lo1.transtelecom.net (217.150.55.21)
14 233.41 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 233.38 ms 91.218.245.202
16 ... 30
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:59 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
69/tcp filtered tftp
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 102.98 ms 10.243.204.1
2 132.91 ms R43.static.amanah.com (104.245.144.129)
3 132.94 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 132.96 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 132.94 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 132.97 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 208.81 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 208.83 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 208.85 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 133.04 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 128.15 ms 154.25.9.46
12 169.77 ms 149.14.68.166
13 209.38 ms mskn17ra-lo1.transtelecom.net (217.150.55.21)
14 239.21 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 239.23 ms 91.218.245.202
16 ... 30
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 08:05 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
110/tcp filtered pop3
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 102.05 ms 10.243.204.1
2 131.63 ms R43.static.amanah.com (104.245.144.129)
3 131.66 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 131.67 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 131.65 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 131.69 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 201.45 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 201.48 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 201.49 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 131.73 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 125.33 ms 154.25.9.46
12 169.39 ms 149.14.68.166
13 168.86 ms mskn17ra-lo1.transtelecom.net (217.150.55.21)
14 209.55 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 243.95 ms 91.218.245.202
16 ... 30
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 08:05 EST
Nmap scan report for 141.105.65.111
Host is up.

PORT STATE SERVICE VERSION
123/tcp filtered ntp
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 62.64 ms 10.243.204.1
2 92.56 ms R43.static.amanah.com (104.245.144.129)
3 92.61 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 92.64 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 92.67 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 92.70 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
7 164.89 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 164.92 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 164.95 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
10 164.93 ms be2845.rcr22.fra06.atlas.cogentco.com (154.54.56.190)
11 124.13 ms 154.25.9.46
12 165.88 ms 149.14.68.166
13 ...
14 206.74 ms OperSvz-gw.transtelecom.net (188.43.6.65)
15 413.38 ms 91.218.245.202
16 ... 30
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 08:13 EST
Nmap scan report for 141.105.65.111
Host is up (0.055s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
Device type: firewall|general purpose|media device
Running: HID embedded, Linux 2.6.X, Infomir embedded, OpenBSD 4.X, Sun Solaris 10
OS CPE: cpe:/h:hid:edgeplus_solo_es400 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/o:openbsd:openbsd:4.0 cpe:/o:sun:sunos:5.10
Too many fingerprints match this host to give specific OS details
Network Distance: 2 hops

TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
1 66.27 ms 10.243.204.1
2 66.27 ms 141.105.65.111
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 08:14 EST
Nmap scan report for 141.105.65.111
Host is up (0.10s latency).

PORT STATE SERVICE VERSION
53/tcp filtered domain
67/tcp filtered dhcps
68/tcp filtered dhcpc
69/tcp filtered tftp
88/tcp filtered kerberos-sec
123/tcp filtered ntp
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp closed netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
389/tcp filtered ldap
520/tcp filtered efs
2049/tcp filtered nfs
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 2 hops

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 122.12 ms 10.243.204.1
2 122.11 ms 141.105.65.111
###################################################################################################################################
Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
###################################################################################################################################
Services
========

host port proto name state info
---- ---- ----- ---- ----- ----
196952.198.183.13 88 udp kerberos-sec unknown
197052.198.183.13 123 tcp ntp filtered
197152.198.183.13 123 udp ntp unknown
197252.198.183.13 137 tcp netbios-ns filtered
197352.198.183.13 137 udp netbios-ns filtered
197452.198.183.13 138 tcp netbios-dgm filtered
197552.198.183.13 138 udp netbios-dgm filtered
197652.198.183.13 139 tcp netbios-ssn closed
197752.198.183.13 139 udp netbios-ssn unknown
197852.198.183.13 161 tcp snmp filtered
197952.198.183.13 161 udp snmp unknown
198052.198.183.13 162 tcp snmptrap filtered
198152.198.183.13 162 udp snmptrap unknown
198252.198.183.13 389 tcp ldap filtered
198352.198.183.13 389 udp ldap unknown
198452.198.183.13 443 tcp ssl/http open nginx
198552.198.183.13 445 tcp microsoft-ds closed
198652.198.183.13 520 tcp efs filtered
198752.198.183.13 520 udp route unknown
198852.198.183.13 2049 tcp nfs filtered
198952.198.183.13 2049 udp nfs unknown
199054.73.84.17 25 tcp smtp closed
199154.73.84.17 53 tcp domain filtered
199254.73.84.17 53 udp domain unknown
199354.73.84.17 67 tcp dhcps filtered
199454.73.84.17 67 udp dhcps unknown
199554.73.84.17 68 tcp dhcpc filtered
199654.73.84.17 68 udp dhcpc unknown
199754.73.84.17 69 tcp tftp filtered
199854.73.84.17 69 udp tftp unknown
199954.73.84.17 88 tcp kerberos-sec filtered
200054.73.84.17 88 udp kerberos-sec unknown
200154.73.84.17 123 tcp ntp filtered
200254.73.84.17 123 udp ntp unknown
200354.73.84.17 137 tcp netbios-ns filtered
200454.73.84.17 137 udp netbios-ns filtered
200554.73.84.17 138 tcp netbios-dgm filtered
200654.73.84.17 138 udp netbios-dgm filtered
200754.73.84.17 139 tcp netbios-ssn closed
200854.73.84.17 139 udp netbios-ssn unknown
200954.73.84.17 161 tcp snmp filtered
201054.73.84.17 161 udp snmp unknown
201154.73.84.17 162 tcp snmptrap filtered
201254.73.84.17 162 udp snmptrap unknown
201354.73.84.17 389 tcp ldap filtered
201454.73.84.17 389 udp ldap unknown
201554.73.84.17 445 tcp microsoft-ds closed
201654.73.84.17 520 tcp efs filtered
201754.73.84.17 520 udp route unknown
201854.73.84.17 2049 tcp nfs filtered
201954.73.84.17 2049 udp nfs unknown
202072.47.224.85 25 tcp smtp closed
202172.47.224.85 53 tcp domain filtered
202272.47.224.85 53 udp domain unknown
202372.47.224.85 67 tcp dhcps filtered
202472.47.224.85 67 udp dhcps unknown
202572.47.224.85 68 tcp dhcpc filtered
202672.47.224.85 68 udp dhcpc unknown
202772.47.224.85 69 tcp tftp filtered
202872.47.224.85 69 udp tftp unknown
202972.47.224.85 80 tcp http open Apache httpd 2.4.39
203072.47.224.85 88 tcp kerberos-sec filtered
203172.47.224.85 88 udp kerberos-sec unknown
203272.47.224.85 110 tcp pop3 open Dovecot pop3d
203372.47.224.85 123 tcp ntp filtered
203472.47.224.85 123 udp ntp unknown
203572.47.224.85 137 tcp netbios-ns filtered
203672.47.224.85 137 udp netbios-ns filtered
203772.47.224.85 138 tcp netbios-dgm filtered
203872.47.224.85 138 udp netbios-dgm filtered
203972.47.224.85 139 tcp netbios-ssn closed
204072.47.224.85 139 udp netbios-ssn unknown
204172.47.224.85 143 tcp imap open Dovecot imapd
204272.47.224.85 161 tcp snmp filtered
204372.47.224.85 161 udp snmp unknown
204472.47.224.85 162 tcp snmptrap filtered
204572.47.224.85 162 udp snmptrap unknown
204672.47.224.85 389 tcp ldap filtered
204772.47.224.85 389 udp ldap unknown
204872.47.224.85 443 tcp ssl/http open nginx 1.16.1
204972.47.224.85 445 tcp microsoft-ds closed
205072.47.224.85 465 tcp ssl/smtp open Exim smtpd 4.84_2
205172.47.224.85 520 tcp efs filtered
205272.47.224.85 520 udp route unknown
205372.47.224.85 587 tcp smtp open Exim smtpd 4.84_2
205472.47.224.85 993 tcp ssl/imaps open
205572.47.224.85 995 tcp ssl/pop3s open
205672.47.224.85 2049 tcp nfs filtered
205772.47.224.85 2049 udp nfs unknown
205880.82.79.116 21 tcp ftp open 220 (vsFTPd 3.0.2)\x0d\x0a
205980.82.79.116 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
206080.82.79.116 53 tcp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
206180.82.79.116 53 udp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
206280.82.79.116 67 tcp dhcps closed
206380.82.79.116 67 udp dhcps closed
206480.82.79.116 68 tcp dhcpc closed
206580.82.79.116 68 udp dhcpc closed
206680.82.79.116 69 tcp tftp closed
206780.82.79.116 69 udp tftp unknown
206880.82.79.116 88 tcp kerberos-sec closed
206980.82.79.116 88 udp kerberos-sec unknown
207080.82.79.116 123 tcp ntp closed
207180.82.79.116 123 udp ntp unknown
207280.82.79.116 137 tcp netbios-ns closed
207380.82.79.116 137 udp netbios-ns filtered
207480.82.79.116 138 tcp netbios-dgm closed
207580.82.79.116 138 udp netbios-dgm filtered
207680.82.79.116 139 tcp netbios-ssn closed
207780.82.79.116 139 udp netbios-ssn unknown
207880.82.79.116 161 tcp snmp closed
207980.82.79.116 161 udp snmp closed
208080.82.79.116 162 tcp snmptrap closed
208180.82.79.116 162 udp snmptrap closed
208280.82.79.116 389 tcp ldap closed
208380.82.79.116 389 udp ldap closed
208480.82.79.116 520 tcp efs closed
208580.82.79.116 520 udp route closed
208680.82.79.116 2049 tcp nfs closed
208780.82.79.116 2049 udp nfs unknown
208880.209.242.81 21 tcp ftp open 220 FTP Server ready.\x0d\x0a
208980.209.242.81 22 tcp ssh open SSH-2.0-OpenSSH_7.4
209080.209.242.81 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
209180.209.242.81 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
209280.209.242.81 67 tcp dhcps filtered
209380.209.242.81 67 udp dhcps unknown
209480.209.242.81 68 tcp dhcpc filtered
209580.209.242.81 68 udp dhcpc unknown
209680.209.242.81 69 tcp tftp filtered
209780.209.242.81 69 udp tftp unknown
209880.209.242.81 88 tcp kerberos-sec filtered
209980.209.242.81 88 udp kerberos-sec unknown
210080.209.242.81 123 tcp ntp filtered
210180.209.242.81 123 udp ntp unknown
210280.209.242.81 137 tcp netbios-ns filtered
210380.209.242.81 137 udp netbios-ns filtered
210480.209.242.81 138 tcp netbios-dgm filtered
210580.209.242.81 138 udp netbios-dgm filtered
210680.209.242.81 139 tcp netbios-ssn closed
210780.209.242.81 139 udp netbios-ssn unknown
210880.209.242.81 161 tcp snmp filtered
210980.209.242.81 161 udp snmp unknown
211080.209.242.81 162 tcp snmptrap filtered
211180.209.242.81 162 udp snmptrap unknown
211280.209.242.81 389 tcp ldap filtered
211380.209.242.81 389 udp ldap filtered
211480.209.242.81 520 tcp efs filtered
211580.209.242.81 520 udp route unknown
211680.209.242.81 2049 tcp nfs filtered
211780.209.242.81 2049 udp nfs unknown
211882.221.139.217 22 tcp ssh open SSH-2.0-OpenSSH_5.3
211984.235.91.252 25 tcp smtp closed
212084.235.91.252 53 tcp domain filtered
212184.235.91.252 53 udp domain unknown
212284.235.91.252 67 tcp dhcps filtered
212384.235.91.252 67 udp dhcps unknown
212484.235.91.252 68 tcp dhcpc filtered
212584.235.91.252 68 udp dhcpc unknown
212684.235.91.252 69 tcp tftp filtered
212784.235.91.252 69 udp tftp unknown
212884.235.91.252 88 tcp kerberos-sec filtered
212984.235.91.252 88 udp kerberos-sec unknown
213084.235.91.252 123 tcp ntp filtered
213184.235.91.252 123 udp ntp unknown
213284.235.91.252 137 tcp netbios-ns filtered
213384.235.91.252 137 udp netbios-ns filtered
213484.235.91.252 138 tcp netbios-dgm filtered
213584.235.91.252 138 udp netbios-dgm filtered
213684.235.91.252 139 tcp netbios-ssn closed
213784.235.91.252 139 udp netbios-ssn unknown
213884.235.91.252 161 tcp snmp filtered
213984.235.91.252 161 udp snmp unknown
214084.235.91.252 162 tcp snmptrap filtered
214184.235.91.252 162 udp snmptrap unknown
214284.235.91.252 389 tcp ldap filtered
214384.235.91.252 389 udp ldap unknown
214484.235.91.252 445 tcp microsoft-ds closed
214584.235.91.252 520 tcp efs filtered
214684.235.91.252 520 udp route unknown
214784.235.91.252 2049 tcp nfs filtered
214884.235.91.252 2049 udp nfs unknown
214987.247.240.207 21 tcp ftp open ProFTPD
215087.247.240.207 22 tcp ssh open OpenSSH 7.4 protocol 2.0
215187.247.240.207 67 udp dhcps unknown
215287.247.240.207 68 udp dhcpc unknown
215387.247.240.207 69 udp tftp unknown
215487.247.240.207 80 tcp http open Apache httpd
215587.247.240.207 88 udp kerberos-sec unknown
215687.247.240.207 110 tcp pop3 open Dovecot pop3d
215787.247.240.207 123 udp ntp unknown
215887.247.240.207 139 udp netbios-ssn unknown
215987.247.240.207 143 tcp imap open Dovecot imapd
216087.247.240.207 161 udp snmp unknown
216187.247.240.207 162 udp snmptrap unknown
216287.247.240.207 389 udp ldap unknown
216387.247.240.207 443 tcp ssl/http open Apache httpd
216487.247.240.207 465 tcp ssl/smtp open Exim smtpd 4.92
216587.247.240.207 520 udp route unknown
216687.247.240.207 587 tcp smtp open Exim smtpd 4.92
216787.247.240.207 993 tcp ssl/imaps open
216887.247.240.207 995 tcp ssl/pop3s open
216987.247.240.207 2049 udp nfs unknown
217089.248.172.200 22 tcp ssh open SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
217189.248.172.200 53 tcp domain closed
217289.248.172.200 53 udp domain closed
217389.248.172.200 67 tcp dhcps closed
217489.248.172.200 67 udp dhcps closed
217589.248.172.200 68 tcp dhcpc closed
217689.248.172.200 68 udp dhcpc closed
217789.248.172.200 69 tcp tftp closed
217889.248.172.200 69 udp tftp closed
217989.248.172.200 88 tcp kerberos-sec closed
218089.248.172.200 88 udp kerberos-sec unknown
218189.248.172.200 123 tcp ntp closed
218289.248.172.200 123 udp ntp unknown
218389.248.172.200 137 tcp netbios-ns closed
218489.248.172.200 137 udp netbios-ns filtered
218589.248.172.200 138 tcp netbios-dgm closed
218689.248.172.200 138 udp netbios-dgm filtered
218789.248.172.200 139 tcp netbios-ssn closed
218889.248.172.200 139 udp netbios-ssn closed
218989.248.172.200 161 tcp snmp closed
219089.248.172.200 161 udp snmp closed
219189.248.172.200 162 tcp snmptrap closed
219289.248.172.200 162 udp snmptrap unknown
219389.248.172.200 389 tcp ldap closed
219489.248.172.200 389 udp ldap closed
219589.248.172.200 520 tcp efs closed
219689.248.172.200 520 udp route closed
219789.248.172.200 2049 tcp nfs closed
219889.248.172.200 2049 udp nfs unknown
219993.89.20.20 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 21:36. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
220093.95.228.158 22 tcp ssh open SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
220193.113.37.250 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 13:36. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
220293.113.37.250 53 tcp domain open PowerDNS Authoritative Server 4.1.10
220393.113.37.250 53 udp domain open PowerDNS Authoritative Server 4.1.10
220493.113.37.250 389 udp ldap unknown
220593.113.37.250 520 udp route unknown
220693.113.37.250 2049 udp nfs unknown
220793.174.93.84 21 tcp ftp open vsftpd 3.0.2
220893.174.93.84 25 tcp smtp closed
220993.174.93.84 53 tcp domain filtered
221093.174.93.84 53 udp domain filtered
221193.174.93.84 67 tcp dhcps filtered
221293.174.93.84 67 udp dhcps filtered
221393.174.93.84 68 tcp dhcpc filtered
221493.174.93.84 68 udp dhcpc unknown
221593.174.93.84 69 tcp tftp filtered
221693.174.93.84 69 udp tftp unknown
221793.174.93.84 80 tcp http open Apache httpd 2.4.6 (CentOS) PHP/5.4.16
221893.174.93.84 88 tcp kerberos-sec filtered
221993.174.93.84 88 udp kerberos-sec unknown
222093.174.93.84 123 tcp ntp filtered
222193.174.93.84 123 udp ntp filtered
222293.174.93.84 137 tcp netbios-ns filtered
222393.174.93.84 137 udp netbios-ns filtered
222493.174.93.84 138 tcp netbios-dgm filtered
222593.174.93.84 138 udp netbios-dgm filtered
222693.174.93.84 139 tcp netbios-ssn closed
222793.174.93.84 139 udp netbios-ssn unknown
222893.174.93.84 161 tcp snmp filtered
222993.174.93.84 161 udp snmp unknown
223093.174.93.84 162 tcp snmptrap filtered
223193.174.93.84 162 udp snmptrap unknown
223293.174.93.84 389 tcp ldap filtered
223393.174.93.84 389 udp ldap filtered
223493.174.93.84 445 tcp microsoft-ds closed
223593.174.93.84 520 tcp efs filtered
223693.174.93.84 520 udp route unknown
223793.174.93.84 2049 tcp nfs filtered
223893.174.93.84 2049 udp nfs unknown
223993.191.156.197 22 tcp ssh open SSH-2.0-OpenSSH_5.3
224094.102.51.33 22 tcp ssh open
224194.102.51.33 53 tcp domain open ISC BIND 9.9.4 RedHat Enterprise Linux 7
224294.102.51.33 53 udp domain open ISC BIND 9.9.4 RedHat Enterprise Linux 7
224394.102.51.33 67 tcp dhcps filtered
224494.102.51.33 67 udp dhcps unknown
224594.102.51.33 68 tcp dhcpc filtered
224694.102.51.33 68 udp dhcpc unknown
224794.102.51.33 69 tcp tftp filtered
224894.102.51.33 69 udp tftp unknown
224994.102.51.33 80 tcp http open nginx
225094.102.51.33 88 tcp kerberos-sec filtered
225194.102.51.33 88 udp kerberos-sec unknown
225294.102.51.33 110 tcp pop3 open Dovecot pop3d
225394.102.51.33 123 tcp ntp filtered
225494.102.51.33 123 udp ntp unknown
225594.102.51.33 137 tcp netbios-ns filtered
225694.102.51.33 137 udp netbios-ns filtered
225794.102.51.33 138 tcp netbios-dgm filtered
225894.102.51.33 138 udp netbios-dgm filtered
225994.102.51.33 139 tcp netbios-ssn closed
226094.102.51.33 139 udp netbios-ssn unknown
226194.102.51.33 143 tcp imap open Dovecot imapd
226294.102.51.33 161 tcp snmp filtered
226394.102.51.33 161 udp snmp unknown
226494.102.51.33 162 tcp snmptrap filtered
226594.102.51.33 162 udp snmptrap unknown
226694.102.51.33 389 tcp ldap filtered
226794.102.51.33 389 udp ldap unknown
226894.102.51.33 465 tcp ssl/smtp open Exim smtpd 4.89
226994.102.51.33 520 tcp efs filtered
227094.102.51.33 520 udp route unknown
227194.102.51.33 993 tcp ssl/imaps open
227294.102.51.33 995 tcp ssl/pop3s open
227394.102.51.33 2049 tcp nfs filtered
227494.102.51.33 2049 udp nfs unknown
2275104.154.60.12 25 tcp smtp closed
2276104.154.60.12 53 tcp domain filtered
2277104.154.60.12 53 udp domain unknown
2278104.154.60.12 67 tcp dhcps filtered
2279104.154.60.12 67 udp dhcps unknown
2280104.154.60.12 68 tcp dhcpc filtered
2281104.154.60.12 68 udp dhcpc unknown
2282104.154.60.12 69 tcp tftp filtered
2283104.154.60.12 69 udp tftp unknown
2284104.154.60.12 80 tcp http open nginx
2285104.154.60.12 88 tcp kerberos-sec filtered
2286104.154.60.12 88 udp kerberos-sec unknown
2287104.154.60.12 123 tcp ntp filtered
2288104.154.60.12 123 udp ntp unknown
2289104.154.60.12 137 tcp netbios-ns filtered
2290104.154.60.12 137 udp netbios-ns filtered
2291104.154.60.12 138 tcp netbios-dgm filtered
2292104.154.60.12 138 udp netbios-dgm filtered
2293104.154.60.12 139 tcp netbios-ssn closed
2294104.154.60.12 139 udp netbios-ssn unknown
2295104.154.60.12 161 tcp snmp filtered
2296104.154.60.12 161 udp snmp unknown
2297104.154.60.12 162 tcp snmptrap filtered
2298104.154.60.12 162 udp snmptrap unknown
2299104.154.60.12 389 tcp ldap filtered
2300104.154.60.12 389 udp ldap unknown
2301104.154.60.12 443 tcp ssl/http open nginx
2302104.154.60.12 445 tcp microsoft-ds closed
2303104.154.60.12 520 tcp efs filtered
2304104.154.60.12 520 udp route unknown
2305104.154.60.12 2049 tcp nfs filtered
2306104.154.60.12 2049 udp nfs unknown
2307104.154.60.12 2222 tcp ssh open ProFTPD mod_sftp 0.9.9 protocol 2.0
2308104.218.232.66 22 tcp ssh open OpenSSH 7.4p1 Debian 10+deb9u3 protocol 2.0
2309104.218.232.66 53 tcp domain closed
2310104.218.232.66 53 udp domain unknown
2311104.218.232.66 67 tcp dhcps closed
2312104.218.232.66 67 udp dhcps unknown
2313104.218.232.66 68 tcp dhcpc closed
2314104.218.232.66 68 udp dhcpc closed
2315104.218.232.66 69 tcp tftp closed
2316104.218.232.66 69 udp tftp closed
2317104.218.232.66 80 tcp http open ngjit
2318104.218.232.66 88 tcp kerberos-sec closed
2319104.218.232.66 88 udp kerberos-sec closed
2320104.218.232.66 123 tcp ntp closed
2321104.218.232.66 123 udp ntp closed
2322104.218.232.66 137 tcp netbios-ns closed
2323104.218.232.66 137 udp netbios-ns filtered
2324104.218.232.66 138 tcp netbios-dgm closed
2325104.218.232.66 138 udp netbios-dgm filtered
2326104.218.232.66 139 tcp netbios-ssn closed
2327104.218.232.66 139 udp netbios-ssn closed
2328104.218.232.66 161 tcp snmp closed
2329104.218.232.66 161 udp snmp unknown
2330104.218.232.66 162 tcp snmptrap closed
2331104.218.232.66 162 udp snmptrap closed
2332104.218.232.66 389 tcp ldap closed
2333104.218.232.66 389 udp ldap closed
2334104.218.232.66 443 tcp ssl/https open ngjit
2335104.218.232.66 520 tcp efs closed
2336104.218.232.66 520 udp route unknown
2337104.218.232.66 2049 tcp nfs closed
2338104.218.232.66 2049 udp nfs closed
2339107.154.130.27 53 tcp domain open
2340107.154.130.27 53 udp domain open
2341107.154.130.27 67 tcp dhcps filtered
2342107.154.130.27 67 udp dhcps unknown
2343107.154.130.27 68 tcp dhcpc filtered
2344107.154.130.27 68 udp dhcpc unknown
2345107.154.130.27 69 tcp tftp filtered
2346107.154.130.27 69 udp tftp unknown
2347107.154.130.27 88 tcp http open Incapsula CDN httpd
2348107.154.130.27 88 udp kerberos-sec unknown
2349107.154.130.27 123 tcp ntp filtered
2350107.154.130.27 123 udp ntp unknown
2351107.154.130.27 137 tcp netbios-ns filtered
2352107.154.130.27 137 udp netbios-ns filtered
2353107.154.130.27 138 tcp netbios-dgm filtered
2354107.154.130.27 138 udp netbios-dgm filtered
2355107.154.130.27 139 tcp netbios-ssn closed
2356107.154.130.27 139 udp netbios-ssn unknown
2357107.154.130.27 161 tcp snmp filtered
2358107.154.130.27 161 udp snmp unknown
2359107.154.130.27 162 tcp snmptrap filtered
2360107.154.130.27 162 udp snmptrap unknown
2361107.154.130.27 389 tcp ssl/http open Incapsula CDN httpd
2362107.154.130.27 389 udp ldap unknown
2363107.154.130.27 520 tcp efs filtered
2364107.154.130.27 520 udp route unknown
2365107.154.130.27 2049 tcp http open Incapsula CDN httpd
2366107.154.130.27 2049 udp nfs unknown
2367107.154.248.27 53 tcp domain open
2368107.154.248.27 80 tcp http open Incapsula CDN httpd
2369107.154.248.27 81 tcp http open Incapsula CDN httpd
2370107.154.248.27 85 tcp http open Incapsula CDN httpd
2371107.154.248.27 88 tcp http open Incapsula CDN httpd
2372107.154.248.27 389 tcp ssl/http open Incapsula CDN httpd
2373107.154.248.27 443 tcp ssl/http open Incapsula CDN httpd
2374107.154.248.27 444 tcp ssl/http open Incapsula CDN httpd
2375107.154.248.27 446 tcp http open Incapsula CDN httpd
2376107.154.248.27 587 tcp http open Incapsula CDN httpd
2377107.154.248.27 631 tcp http open Incapsula CDN httpd
2378107.154.248.27 888 tcp http open Incapsula CDN httpd
2379107.154.248.27 995 tcp ssl/http open Incapsula CDN httpd
2380107.154.248.27 998 tcp ssl/http open Incapsula CDN httpd
2381107.154.248.27 999 tcp http open Incapsula CDN httpd
2382107.154.248.27 1000 tcp http open Incapsula CDN httpd
2383107.154.248.27 1024 tcp http open Incapsula CDN httpd
2384107.154.248.27 1103 tcp http open Incapsula CDN httpd
2385107.154.248.27 1234 tcp http open Incapsula CDN httpd
2386107.154.248.27 1433 tcp http open Incapsula CDN httpd
2387107.154.248.27 1494 tcp http open Incapsula CDN httpd
2388107.154.248.27 2000 tcp ssl/http open Incapsula CDN httpd
2389107.154.248.27 2001 tcp http open Incapsula CDN httpd
2390107.154.248.27 2049 tcp http open Incapsula CDN httpd
2391107.154.248.27 2067 tcp http open Incapsula CDN httpd
2392107.154.248.27 2100 tcp ssl/http open Incapsula CDN httpd
2393107.154.248.27 2222 tcp http open Incapsula CDN httpd
2394107.154.248.27 2598 tcp http open Incapsula CDN httpd
2395107.154.248.27 3000 tcp http open Incapsula CDN httpd
2396107.154.248.27 3050 tcp http open Incapsula CDN httpd
2397107.154.248.27 3057 tcp http open Incapsula CDN httpd
2398107.154.248.27 3299 tcp http open Incapsula CDN httpd
2399107.154.248.27 3306 tcp ssl/http open Incapsula CDN httpd
2400107.154.248.27 3333 tcp http open Incapsula CDN httpd
2401107.154.248.27 3389 tcp ssl/http open Incapsula CDN httpd
2402107.154.248.27 3500 tcp http open Incapsula CDN httpd
2403107.154.248.27 3790 tcp http open Incapsula CDN httpd
2404107.154.248.27 4000 tcp http open Incapsula CDN httpd
2405107.154.248.27 4444 tcp ssl/http open Incapsula CDN httpd
2406107.154.248.27 4445 tcp ssl/http open Incapsula CDN httpd
2407107.154.248.27 5000 tcp http open Incapsula CDN httpd
2408107.154.248.27 5009 tcp http open Incapsula CDN httpd
2409107.154.248.27 5060 tcp ssl/http open Incapsula CDN httpd
2410107.154.248.27 5061 tcp ssl/http open Incapsula CDN httpd
2411107.154.248.27 5227 tcp ssl/http open Incapsula CDN httpd
2412107.154.248.27 5247 tcp ssl/http open Incapsula CDN httpd
2413107.154.248.27 5250 tcp ssl/http open Incapsula CDN httpd
2414107.154.248.27 5555 tcp http open Incapsula CDN httpd
2415107.154.248.27 5900 tcp http open Incapsula CDN httpd
2416107.154.248.27 5901 tcp ssl/http open Incapsula CDN httpd
2417107.154.248.27 5902 tcp ssl/http open Incapsula CDN httpd
2418107.154.248.27 5903 tcp ssl/http open Incapsula CDN httpd
2419107.154.248.27 5904 tcp ssl/http open Incapsula CDN httpd
2420107.154.248.27 5905 tcp ssl/http open Incapsula CDN httpd
2421107.154.248.27 5906 tcp ssl/http open Incapsula CDN httpd
2422107.154.248.27 5907 tcp ssl/http open Incapsula CDN httpd
2423107.154.248.27 5908 tcp ssl/http open Incapsula CDN httpd
2424107.154.248.27 5909 tcp ssl/http open Incapsula CDN httpd
2425107.154.248.27 5910 tcp ssl/http open Incapsula CDN httpd
2426107.154.248.27 5920 tcp ssl/http open Incapsula CDN httpd
2427107.154.248.27 5984 tcp ssl/http open Incapsula CDN httpd
2428107.154.248.27 5985 tcp http open Incapsula CDN httpd
2429107.154.248.27 5986 tcp ssl/http open Incapsula CDN httpd
2430107.154.248.27 5999 tcp ssl/http open Incapsula CDN httpd
2431107.154.248.27 6000 tcp http open Incapsula CDN httpd
2432107.154.248.27 6060 tcp http open Incapsula CDN httpd
2433107.154.248.27 6161 tcp http open Incapsula CDN httpd
2434107.154.248.27 6379 tcp http open Incapsula CDN httpd
2435107.154.248.27 6661 tcp ssl/http open Incapsula CDN httpd
2436107.154.248.27 6789 tcp http open Incapsula CDN httpd
2437107.154.248.27 7000 tcp ssl/http open Incapsula CDN httpd
2438107.154.248.27 7001 tcp http open Incapsula CDN httpd
2439107.154.248.27 7021 tcp http open Incapsula CDN httpd
2440107.154.248.27 7071 tcp ssl/http open Incapsula CDN httpd
2441107.154.248.27 7080 tcp http open Incapsula CDN httpd
2442107.154.248.27 7272 tcp ssl/http open Incapsula CDN httpd
2443107.154.248.27 7443 tcp ssl/http open Incapsula CDN httpd
2444107.154.248.27 7700 tcp http open Incapsula CDN httpd
2445107.154.248.27 7777 tcp http open Incapsula CDN httpd
2446107.154.248.27 7778 tcp http open Incapsula CDN httpd
2447107.154.248.27 8000 tcp http open Incapsula CDN httpd
2448107.154.248.27 8001 tcp http open Incapsula CDN httpd
2449107.154.248.27 8008 tcp http open Incapsula CDN httpd
2450107.154.248.27 8014 tcp http open Incapsula CDN httpd
2451107.154.248.27 8020 tcp http open Incapsula CDN httpd
2452107.154.248.27 8023 tcp http open Incapsula CDN httpd
2453107.154.248.27 8028 tcp http open Incapsula CDN httpd
2454107.154.248.27 8030 tcp http open Incapsula CDN httpd
2455107.154.248.27 8050 tcp http open Incapsula CDN httpd
2456107.154.248.27 8051 tcp http open Incapsula CDN httpd
2457107.154.248.27 8080 tcp http open Incapsula CDN httpd
2458107.154.248.27 8081 tcp http open Incapsula CDN httpd
2459107.154.248.27 8082 tcp http open Incapsula CDN httpd
2460107.154.248.27 8085 tcp http open Incapsula CDN httpd
2461107.154.248.27 8086 tcp http open Incapsula CDN httpd
2462107.154.248.27 8087 tcp http open Incapsula CDN httpd
2463107.154.248.27 8088 tcp http open Incapsula CDN httpd
2464107.154.248.27 8090 tcp http open Incapsula CDN httpd
2465107.154.248.27 8091 tcp http open Incapsula CDN httpd
2466107.154.248.27 8095 tcp http open Incapsula CDN httpd
2467107.154.248.27 8101 tcp http open Incapsula CDN httpd
2468107.154.248.27 8161 tcp http open Incapsula CDN httpd
2469107.154.248.27 8180 tcp http open Incapsula CDN httpd
2470107.154.248.27 8222 tcp http open Incapsula CDN httpd
2471107.154.248.27 8333 tcp http open Incapsula CDN httpd
2472107.154.248.27 8443 tcp ssl/http open Incapsula CDN httpd
2473107.154.248.27 8444 tcp http open Incapsula CDN httpd
2474107.154.248.27 8445 tcp http open Incapsula CDN httpd
2475107.154.248.27 8503 tcp ssl/http open Incapsula CDN httpd
2476107.154.248.27 8686 tcp http open Incapsula CDN httpd
2477107.154.248.27 8787 tcp http open Incapsula CDN httpd
2478107.154.248.27 8800 tcp http open Incapsula CDN httpd
2479107.154.248.27 8812 tcp http open Incapsula CDN httpd
2480107.154.248.27 8834 tcp http open Incapsula CDN httpd
2481107.154.248.27 8880 tcp http open Incapsula CDN httpd
2482107.154.248.27 8888 tcp http open Incapsula CDN httpd
2483107.154.248.27 8889 tcp http open Incapsula CDN httpd
2484107.154.248.27 8890 tcp http open Incapsula CDN httpd
2485107.154.248.27 8899 tcp http open Incapsula CDN httpd
2486107.154.248.27 9000 tcp http open Incapsula CDN httpd
2487107.154.248.27 9001 tcp http open Incapsula CDN httpd
2488107.154.248.27 9002 tcp http open Incapsula CDN httpd
2489107.154.248.27 9003 tcp http open Incapsula CDN httpd
2490107.154.248.27 9004 tcp http open Incapsula CDN httpd
2491107.154.248.27 9005 tcp http open Incapsula CDN httpd
2492107.154.248.27 9010 tcp http open Incapsula CDN httpd
2493107.154.248.27 9050 tcp http open Incapsula CDN httpd
2494107.154.248.27 9080 tcp http open Incapsula CDN httpd
2495107.154.248.27 9081 tcp ssl/http open Incapsula CDN httpd
2496107.154.248.27 9084 tcp http open Incapsula CDN httpd
2497107.154.248.27 9090 tcp http open Incapsula CDN httpd
2498107.154.248.27 9099 tcp http open Incapsula CDN httpd
2499107.154.248.27 9100 tcp jetdirect open
2500107.154.248.27 9111 tcp http open Incapsula CDN httpd
2501107.154.248.27 9200 tcp http open Incapsula CDN httpd
2502107.154.248.27 9300 tcp http open Incapsula CDN httpd
2503107.154.248.27 9500 tcp http open Incapsula CDN httpd
2504107.154.248.27 9711 tcp ssl/http open Incapsula CDN httpd
2505107.154.248.27 9991 tcp http open Incapsula CDN httpd
2506107.154.248.27 9999 tcp http open Incapsula CDN httpd
2507107.154.248.27 10000 tcp http open Incapsula CDN httpd
2508107.154.248.27 10001 tcp http open Incapsula CDN httpd
2509107.154.248.27 10008 tcp http open Incapsula CDN httpd
2510107.154.248.27 10443 tcp ssl/http open Incapsula CDN httpd
2511107.154.248.27 11001 tcp ssl/http open Incapsula CDN httpd
2512107.154.248.27 12174 tcp http open Incapsula CDN httpd
2513107.154.248.27 12203 tcp http open Incapsula CDN httpd
2514107.154.248.27 12221 tcp http open Incapsula CDN httpd
2515107.154.248.27 12345 tcp http open Incapsula CDN httpd
2516107.154.248.27 12397 tcp http open Incapsula CDN httpd
2517107.154.248.27 12401 tcp http open Incapsula CDN httpd
2518107.154.248.27 14330 tcp http open Incapsula CDN httpd
2519107.154.248.27 16000 tcp http open Incapsula CDN httpd
2520107.154.248.27 20000 tcp http open Incapsula CDN httpd
2521107.154.248.27 20010 tcp ssl/http open Incapsula CDN httpd
2522107.154.248.27 25000 tcp ssl/http open Incapsula CDN httpd
2523107.154.248.27 30000 tcp http open Incapsula CDN httpd
2524107.154.248.27 44334 tcp ssl/http open Incapsula CDN httpd
2525107.154.248.27 50000 tcp http open Incapsula CDN httpd
2526107.154.248.27 50001 tcp ssl/http open Incapsula CDN httpd
2527107.154.248.27 50050 tcp ssl/http open Incapsula CDN httpd
2528141.105.65.111 25 tcp smtp closed
2529141.105.65.111 53 tcp domain open ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
2530141.105.65.111 53 udp domain open ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
2531141.105.65.111 67 tcp dhcps filtered
2532141.105.65.111 67 udp dhcps unknown
2533141.105.65.111 68 tcp dhcpc filtered
2534141.105.65.111 68 udp dhcpc unknown
2535141.105.65.111 69 tcp tftp filtered
2536141.105.65.111 69 udp tftp unknown
2537141.105.65.111 88 tcp kerberos-sec filtered
2538141.105.65.111 88 udp kerberos-sec unknown
2539141.105.65.111 123 tcp ntp filtered
2540141.105.65.111 123 udp ntp unknown
2541141.105.65.111 137 tcp netbios-ns filtered
3360209.59.165.178 88 udp kerberos-sec unknown
3361209.59.165.178 123 tcp ntp filtered
3362209.59.165.178 123 udp ntp unknown
3363209.59.165.178 137 tcp netbios-ns filtered
3364209.59.165.178 137 udp netbios-ns filtered
3365209.59.165.178 138 tcp netbios-dgm filtered
3366209.59.165.178 138 udp netbios-dgm filtered
3367209.59.165.178 139 tcp netbios-ssn closed
3368209.59.165.178 139 udp netbios-ssn unknown
3369209.59.165.178 161 tcp snmp filtered
3370209.59.165.178 161 udp snmp unknown
3371209.59.165.178 162 tcp snmptrap filtered
3372209.59.165.178 162 udp snmptrap unknown
3373209.59.165.178 389 tcp ldap filtered
3374209.59.165.178 389 udp ldap unknown
3375209.59.165.178 445 tcp microsoft-ds closed
3376209.59.165.178 520 tcp efs filtered
3377209.59.165.178 520 udp route unknown
3378209.59.165.178 2049 tcp nfs filtered
3379209.59.165.178 2049 udp nfs unknown
3380210.149.141.34 53 tcp domain filtered
3381210.149.141.34 53 udp domain unknown
3382210.149.141.34 67 tcp dhcps filtered
3383210.149.141.34 67 udp dhcps unknown
3384210.149.141.34 68 tcp dhcpc filtered
3385210.149.141.34 68 udp dhcpc unknown
3386210.149.141.34 69 tcp tftp filtered
3387210.149.141.34 69 udp tftp unknown
3388210.149.141.34 88 tcp kerberos-sec filtered
3389210.149.141.34 88 udp kerberos-sec unknown
3390210.149.141.34 123 tcp ntp filtered
3391210.149.141.34 123 udp ntp unknown
3392210.149.141.34 137 tcp netbios-ns filtered
3393210.149.141.34 137 udp netbios-ns filtered
3394210.149.141.34 138 tcp netbios-dgm filtered
3395210.149.141.34 138 udp netbios-dgm filtered
3396210.149.141.34 139 tcp netbios-ssn closed
3397210.149.141.34 139 udp netbios-ssn unknown
3398210.149.141.34 161 tcp snmp filtered
3399210.149.141.34 161 udp snmp unknown
3400210.149.141.34 162 tcp snmptrap filtered
3401210.149.141.34 162 udp snmptrap unknown
3402210.149.141.34 389 tcp ldap filtered
3403210.149.141.34 389 udp ldap unknown
3404210.149.141.34 520 tcp efs filtered
3405210.149.141.34 520 udp route unknown
3406210.149.141.34 2049 tcp nfs filtered
3407210.149.141.34 2049 udp nfs unknown
3408210.152.243.182 21 tcp ftp open 220 (vsFTPd 2.2.2)\x0d\x0a
3409210.160.220.105 53 tcp domain closed
3410210.160.220.105 53 udp domain unknown
3411210.160.220.105 67 tcp dhcps closed
3412210.160.220.105 67 udp dhcps unknown
3413210.160.220.105 68 tcp dhcpc closed
3414210.160.220.105 68 udp dhcpc unknown
3415210.160.220.105 69 tcp tftp filtered
3416210.160.220.105 69 udp tftp unknown
3417210.160.220.105 88 tcp kerberos-sec closed
3418210.160.220.105 88 udp kerberos-sec unknown
3419210.160.220.105 123 tcp ntp filtered
3420210.160.220.105 123 udp ntp unknown
3421210.160.220.105 137 tcp netbios-ns closed
3422210.160.220.105 137 udp netbios-ns filtered
3423210.160.220.105 138 tcp netbios-dgm closed
3424210.160.220.105 138 udp netbios-dgm filtered
3425210.160.220.105 139 tcp netbios-ssn closed
3426210.160.220.105 139 udp netbios-ssn unknown
3427210.160.220.105 161 tcp snmp closed
3428210.160.220.105 161 udp snmp unknown
3429210.160.220.105 162 tcp snmptrap filtered
3430210.160.220.105 162 udp snmptrap unknown
3431210.160.220.105 389 tcp ldap closed
3432210.160.220.105 389 udp ldap unknown
3433210.160.220.105 520 tcp efs closed
3434210.160.220.105 520 udp route unknown
3435210.160.220.105 2049 tcp nfs closed
3436210.160.220.105 2049 udp nfs unknown
3437210.160.220.113 53 tcp domain closed
3438210.160.220.113 53 udp domain unknown
3439210.160.220.113 67 tcp dhcps closed
3440210.160.220.113 67 udp dhcps unknown
3441210.160.220.113 68 tcp dhcpc closed
3442210.160.220.113 68 udp dhcpc unknown
3443210.160.220.113 69 tcp tftp closed
3444210.160.220.113 69 udp tftp unknown
3445210.160.220.113 88 tcp kerberos-sec filtered
3446210.160.220.113 88 udp kerberos-sec unknown
3447210.160.220.113 123 tcp ntp filtered
3448210.160.220.113 123 udp ntp unknown
3449210.160.220.113 137 tcp netbios-ns closed
3450210.160.220.113 137 udp netbios-ns filtered
3451210.160.220.113 138 tcp netbios-dgm closed
3452210.160.220.113 138 udp netbios-dgm filtered
3453210.160.220.113 139 tcp netbios-ssn closed
3454210.160.220.113 139 udp netbios-ssn unknown
3455210.160.220.113 161 tcp snmp closed
3456210.160.220.113 161 udp snmp unknown
3457210.160.220.113 162 tcp snmptrap closed
3458210.160.220.113 162 udp snmptrap unknown
3459210.160.220.113 389 tcp ldap filtered
3460210.160.220.113 389 udp ldap unknown
3461210.160.220.113 520 tcp efs closed
3462210.160.220.113 520 udp route unknown
3463210.160.220.113 2049 tcp nfs closed
3464210.160.220.113 2049 udp nfs unknown
3465210.226.36.2 25 tcp smtp closed
3466210.226.36.2 53 tcp domain filtered
3467210.226.36.2 53 udp domain unknown
3468210.226.36.2 67 tcp dhcps filtered
3469210.226.36.2 67 udp dhcps unknown
3470210.226.36.2 68 tcp dhcpc filtered
3471210.226.36.2 68 udp dhcpc unknown
3472210.226.36.2 69 tcp tftp filtered
3473210.226.36.2 69 udp tftp unknown
3474210.226.36.2 80 tcp http open Apache httpd 1.3.41 (Unix) PHP/3.0.18-i18n-ja-3
3475210.226.36.2 88 tcp kerberos-sec filtered
3476210.226.36.2 88 udp kerberos-sec unknown
3477210.226.36.2 123 tcp ntp filtered
3478210.226.36.2 123 udp ntp unknown
3479210.226.36.2 137 tcp netbios-ns filtered
3480210.226.36.2 137 udp netbios-ns filtered
3481210.226.36.2 138 tcp netbios-dgm filtered
3482210.226.36.2 138 udp netbios-dgm filtered
3483210.226.36.2 139 tcp netbios-ssn closed
3484210.226.36.2 139 udp netbios-ssn unknown
3485210.226.36.2 161 tcp snmp filtered
3486210.226.36.2 161 udp snmp unknown
3487210.226.36.2 162 tcp snmptrap filtered
3488210.226.36.2 162 udp snmptrap unknown
3489210.226.36.2 389 tcp ldap filtered
3490210.226.36.2 389 udp ldap unknown
3491210.226.36.2 445 tcp microsoft-ds closed
3492210.226.36.2 520 tcp efs filtered
3493210.226.36.2 520 udp route unknown
3494210.226.36.2 2049 tcp nfs filtered
3495210.226.36.2 2049 udp nfs unknown
3496217.160.131.142 21 tcp ftp open ProFTPD
3497217.160.131.142 22 tcp ssh open OpenSSH 5.3 protocol 2.0
3498217.160.131.142 53 tcp domain closed
3499217.160.131.142 53 udp domain unknown
3500217.160.131.142 67 tcp dhcps closed
3501217.160.131.142 67 udp dhcps unknown
3502217.160.131.142 68 tcp dhcpc closed
3503217.160.131.142 68 udp dhcpc closed
3504217.160.131.142 69 tcp tftp closed
3505217.160.131.142 69 udp tftp unknown
3506217.160.131.142 80 tcp http open Apache httpd PleskLin
3507217.160.131.142 88 tcp kerberos-sec closed
3508217.160.131.142 88 udp kerberos-sec unknown
3509217.160.131.142 123 tcp ntp closed
3510217.160.131.142 123 udp ntp unknown
3511217.160.131.142 137 tcp netbios-ns closed
3512217.160.131.142 137 udp netbios-ns filtered
3513217.160.131.142 138 tcp netbios-dgm closed
3514217.160.131.142 138 udp netbios-dgm filtered
3515217.160.131.142 139 tcp netbios-ssn closed
3516217.160.131.142 139 udp netbios-ssn closed
3517217.160.131.142 161 tcp snmp closed
3518217.160.131.142 161 udp snmp unknown
3519217.160.131.142 162 tcp snmptrap closed
3520217.160.131.142 162 udp snmptrap closed
3521217.160.131.142 389 tcp ldap closed
3522217.160.131.142 389 udp ldap closed
3523217.160.131.142 443 tcp ssl/http open Apache httpd PleskLin
3524217.160.131.142 520 tcp efs closed
3525217.160.131.142 520 udp route unknown
3526217.160.131.142 2049 tcp nfs closed
3527217.160.131.142 2049 udp nfs closed
3528217.160.131.142 3306 tcp mysql open MySQL 5.1.73
3529217.160.131.142 4643 tcp ssl/http open Apache httpd
3530217.160.131.142 8443 tcp ssl/http open sw-cp-server httpd Plesk Onyx 17.8.11
3531217.160.131.142 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
###################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 07:27 EST
Nmap scan report for 141.105.65.111
Host is up (0.18s latency).
Not shown: 985 filtered ports
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp Pure-FTPd
22/tcp closed ssh
25/tcp closed smtp
53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp open http Apache httpd
|_http-server-header: Apache
3815| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
3816| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
3817| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
3818| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
3819| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
3820| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
3821| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
3822| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
3823| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
3824| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
4180| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4181| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
4182| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
4183| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
4184| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
4185| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4186| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
4187| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
4188| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
4189| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
4190| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
4191| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
4192| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4193| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
4194| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
4195| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4196| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
4197| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
4198| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4199| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
4200| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
4201| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
4202| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
4203| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
4204| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
4205| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
4206| [107639] Apache NiFi 1.4.0 XML External Entity
4207| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
4208| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
4209| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
4210| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
4211| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
4212| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
4213| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
4214| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
4215| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
4216| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
4217| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
4218| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4219| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4220| [107197] Apache Xerces Jelly Parser XML File XML External Entity
4221| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
4222| [107084] Apache Struts up to 2.3.19 cross site scripting
4223| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
4224| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
4225| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
4226| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
4227| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
4228| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
4229| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
4230| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
4549| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
4550| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
4551| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
4552| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
4553| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
4554| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
4555| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
4556| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
4557| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
4558| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
4559| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
4560| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
4561| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
4562| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
4563| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
4564| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
4565| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
4566| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
4567| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
4568| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
4569| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
4570| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
4571| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
4572| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
4573| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
4574| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
4575| [79791] Cisco Products Apache Commons Collections Library privilege escalation
4576| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4577| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4578| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
4579| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
4580| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
4581| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
4582| [78989] Apache Ambari up to 2.1.1 Open Redirect
4583| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
4584| [78987] Apache Ambari up to 2.0.x cross site scripting
4585| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
4586| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4587| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4588| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4589| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4590| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4591| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4592| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4593| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
4594| [77406] Apache Flex BlazeDS AMF Message XML External Entity
4595| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
4596| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
4597| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
4598| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
4599| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
4600| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
4601| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
4602| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
4603| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
4604| [76567] Apache Struts 2.3.20 unknown vulnerability
4605| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
4606| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
4607| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
4608| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
4609| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
4610| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
4611| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
4612| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
4613| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
4614| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
4615| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
4616| [74793] Apache Tomcat File Upload denial of service
4617| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
4618| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
4619| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
4620| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
4621| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
4622| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
4623| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
4624| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
4625| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
4626| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
4627| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
4628| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
4629| [74468] Apache Batik up to 1.6 denial of service
4630| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
4631| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
4632| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
4633| [74174] Apache WSS4J up to 2.0.0 privilege escalation
4634| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
4635| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
4636| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
4637| [73731] Apache XML Security unknown vulnerability
4638| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
4639| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
4640| [73593] Apache Traffic Server up to 5.1.0 denial of service
4641| [73511] Apache POI up to 3.10 Deadlock denial of service
4642| [73510] Apache Solr up to 4.3.0 cross site scripting
4643| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
4644| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
4645| [73173] Apache CloudStack Stack-Based unknown vulnerability
4646| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
4647| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
4648| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
4649| [72890] Apache Qpid 0.30 unknown vulnerability
4650| [72887] Apache Hive 0.13.0 File Permission privilege escalation
4651| [72878] Apache Cordova 3.5.0 cross site request forgery
4652| [72877] Apache Cordova 3.5.0 cross site request forgery
4653| [72876] Apache Cordova 3.5.0 cross site request forgery
4654| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
4655| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
4656| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
4657| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
4658| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4659| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4660| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
4661| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
4662| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
4663| [71629] Apache Axis2/C spoofing
4664| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
4665| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
4666| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
4667| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
4668| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
4669| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
4670| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
4671| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
4672| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
4673| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
4674| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
4675| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
4676| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
4677| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
4678| [70809] Apache POI up to 3.11 Crash denial of service
4679| [70808] Apache POI up to 3.10 unknown vulnerability
4680| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
4681| [70749] Apache Axis up to 1.4 getCN spoofing
4682| [70701] Apache Traffic Server up to 3.3.5 denial of service
4683| [70700] Apache OFBiz up to 12.04.03 cross site scripting
4684| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
4685| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
4686| [70661] Apache Subversion up to 1.6.17 denial of service
4687| [70660] Apache Subversion up to 1.6.17 spoofing
4688| [70659] Apache Subversion up to 1.6.17 spoofing
4689| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
4690| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
4691| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
4692| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
4693| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
4694| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
4695| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
4696| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
4697| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
4698| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
4699| [69846] Apache HBase up to 0.94.8 information disclosure
4700| [69783] Apache CouchDB up to 1.2.0 memory corruption
4701| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
4702| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
4703| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
4704| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
4705| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
4706| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
4707| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
4708| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
4709| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
4710| [69431] Apache Archiva up to 1.3.6 cross site scripting
4711| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
4712| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
4713| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
4714| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
4715| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
4716| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
4717| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
4718| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
4719| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
4720| [66739] Apache Camel up to 2.12.2 unknown vulnerability
4721| [66738] Apache Camel up to 2.12.2 unknown vulnerability
4722| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
4723| [66695] Apache CouchDB up to 1.2.0 cross site scripting
4724| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
4725| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
4726| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
4727| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
4728| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
4729| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
4730| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
4731| [66356] Apache Wicket up to 6.8.0 information disclosure
4732| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
4733| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
4734| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4735| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
4736| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
4737| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4738| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4739| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
4740| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
4741| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
4742| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
4743| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
4744| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
4745| [65668] Apache Solr 4.0.0 Updater denial of service
4746| [65665] Apache Solr up to 4.3.0 denial of service
4747| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
4748| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
4749| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
4750| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
4751| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
4752| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
4753| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
4754| [65410] Apache Struts 2.3.15.3 cross site scripting
4755| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
4756| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
4757| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
4758| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
4759| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
4760| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
4761| [65340] Apache Shindig 2.5.0 information disclosure
4762| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
4763| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
4764| [10826] Apache Struts 2 File privilege escalation
4765| [65204] Apache Camel up to 2.10.1 unknown vulnerability
4766| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
4767| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
4768| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
4769| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
4770| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
4771| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
4772| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
4773| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
4774| [64722] Apache XML Security for C++ Heap-based memory corruption
4775| [64719] Apache XML Security for C++ Heap-based memory corruption
4776| [64718] Apache XML Security for C++ verify denial of service
4777| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
4778| [64716] Apache XML Security for C++ spoofing
4779| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
4780| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
4781| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
4782| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
4783| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
4784| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
4785| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
4786| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
4787| [64485] Apache Struts up to 2.2.3.0 privilege escalation
4788| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
4789| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
4790| [64467] Apache Geronimo 3.0 memory corruption
4791| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
4792| [64457] Apache Struts up to 2.2.3.0 cross site scripting
4793| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
4794| [9184] Apache Qpid up to 0.20 SSL misconfiguration
4795| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
4796| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
4797| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
4798| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
4799| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
4800| [8873] Apache Struts 2.3.14 privilege escalation
4801| [8872] Apache Struts 2.3.14 privilege escalation
4802| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
4803| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
4804| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
4805| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
4806| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
4807| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4808| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4809| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
4810| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
4811| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
4812| [64006] Apache ActiveMQ up to 5.7.0 denial of service
4813| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
4814| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
4815| [8427] Apache Tomcat Session Transaction weak authentication
4816| [63960] Apache Maven 3.0.4 Default Configuration spoofing
4817| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
4818| [63750] Apache qpid up to 0.20 checkAvailable denial of service
4819| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
4820| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
4821| [63747] Apache Rave up to 0.20 User Account information disclosure
4822| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
4823| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
4824| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
4825| [7687] Apache CXF up to 2.7.2 Token weak authentication
4826| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4827| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4828| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
4829| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
4830| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
4831| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
4832| [63090] Apache Tomcat up to 4.1.24 denial of service
4833| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
4834| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
4835| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
4836| [62833] Apache CXF -/2.6.0 spoofing
4837| [62832] Apache Axis2 up to 1.6.2 spoofing
4838| [62831] Apache Axis up to 1.4 Java Message Service spoofing
4839| [62830] Apache Commons-httpclient 3.0 Payments spoofing
4840| [62826] Apache Libcloud up to 0.11.0 spoofing
4841| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
4842| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
4843| [62661] Apache Axis2 unknown vulnerability
4844| [62658] Apache Axis2 unknown vulnerability
4845| [62467] Apache Qpid up to 0.17 denial of service
4846| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
4847| [6301] Apache HTTP Server mod_pagespeed cross site scripting
4848| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
4849| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
4850| [62035] Apache Struts up to 2.3.4 denial of service
4851| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
4852| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
4853| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
4854| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
4855| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
4856| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
4857| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
4858| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
4859| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
4860| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
4861| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
4862| [61229] Apache Sling up to 2.1.1 denial of service
4863| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
4864| [61094] Apache Roller up to 5.0 cross site scripting
4865| [61093] Apache Roller up to 5.0 cross site request forgery
4866| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
4867| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
4868| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
4869| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
4870| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
4871| [60708] Apache Qpid 0.12 unknown vulnerability
4872| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
4873| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
4874| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4875| [4882] Apache Wicket up to 1.5.4 directory traversal
4876| [4881] Apache Wicket up to 1.4.19 cross site scripting
4877| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
4878| [60352] Apache Struts up to 2.2.3 memory corruption
4879| [60153] Apache Portable Runtime up to 1.4.3 denial of service
4880| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
4881| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
4882| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
4883| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
4884| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
4885| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
4886| [4571] Apache Struts up to 2.3.1.2 privilege escalation
4887| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
4888| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
4889| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
4890| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
4891| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
4892| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
4893| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4894| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
4895| [59888] Apache Tomcat up to 6.0.6 denial of service
4896| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
4897| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
4898| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
4899| [59850] Apache Geronimo up to 2.2.1 denial of service
4900| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
4901| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
4902| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
4903| [58413] Apache Tomcat up to 6.0.10 spoofing
4904| [58381] Apache Wicket up to 1.4.17 cross site scripting
4905| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
4906| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
4907| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
4908| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
4909| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4910| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
4911| [57568] Apache Archiva up to 1.3.4 cross site scripting
4912| [57567] Apache Archiva up to 1.3.4 cross site request forgery
4913| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
4914| [4355] Apache HTTP Server APR apr_fnmatch denial of service
4915| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
4916| [57425] Apache Struts up to 2.2.1.1 cross site scripting
4917| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
4918| [57025] Apache Tomcat up to 7.0.11 information disclosure
4919| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
4920| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
4921| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4922| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
4923| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
4924| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
4925| [56512] Apache Continuum up to 1.4.0 cross site scripting
4926| [4285] Apache Tomcat 5.x JVM getLocale denial of service
4927| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
4928| [4283] Apache Tomcat 5.x ServletContect privilege escalation
4929| [56441] Apache Tomcat up to 7.0.6 denial of service
4930| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
4931| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
4932| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
4933| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
4934| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
4935| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
4936| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
4937| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
4938| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
4939| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
4940| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4941| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
4942| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
4943| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
4944| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
4945| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
4946| [54012] Apache Tomcat up to 6.0.10 denial of service
4947| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
4948| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
4949| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4950| [52894] Apache Tomcat up to 6.0.7 information disclosure
4951| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
4952| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
4953| [52786] Apache Open For Business Project up to 09.04 cross site scripting
4954| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
4955| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
4956| [52584] Apache CouchDB up to 0.10.1 information disclosure
4957| [51757] Apache HTTP Server 2.0.44 cross site scripting
4958| [51756] Apache HTTP Server 2.0.44 spoofing
4959| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
4960| [51690] Apache Tomcat up to 6.0 directory traversal
4961| [51689] Apache Tomcat up to 6.0 information disclosure
4962| [51688] Apache Tomcat up to 6.0 directory traversal
4963| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
4964| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
4965| [50626] Apache Solr 1.0.0 cross site scripting
4966| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
4967| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
4968| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
4969| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
4970| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
4971| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
4972| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
4973| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
4974| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
4975| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
4976| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
4977| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
4978| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
4979| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
4980| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
4981| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
4982| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
4983| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
4984| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
4985| [47214] Apachefriends xampp 1.6.8 spoofing
4986| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
4987| [47162] Apachefriends XAMPP 1.4.4 weak authentication
4988| [47065] Apache Tomcat 4.1.23 cross site scripting
4989| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4990| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4991| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4992| [86625] Apache Struts directory traversal
4993| [44461] Apache Tomcat up to 5.5.0 information disclosure
4994| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4995| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4996| [43663] Apache Tomcat up to 6.0.16 directory traversal
4997| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4998| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4999| [43516] Apache Tomcat up to 4.1.20 directory traversal
5000| [43509] Apache Tomcat up to 6.0.13 cross site scripting
5001| [42637] Apache Tomcat up to 6.0.16 cross site scripting
5002| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
5003| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
5004| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
5005| [40924] Apache Tomcat up to 6.0.15 information disclosure
5006| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
5007| [40922] Apache Tomcat up to 6.0 information disclosure
5008| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
5009| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
5010| [40656] Apache Tomcat 5.5.20 information disclosure
5011| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5012| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5013| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5014| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5015| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5016| [40234] Apache Tomcat up to 6.0.15 directory traversal
5017| [40221] Apache HTTP Server 2.2.6 information disclosure
5018| [40027] David Castro Apache Authcas 0.4 sql injection
5019| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
5020| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5021| [3414] Apache Tomcat WebDAV Stored privilege escalation
5022| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5023| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5024| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5025| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5026| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5027| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5028| [38524] Apache Geronimo 2.0 unknown vulnerability
5029| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5030| [38331] Apache Tomcat 4.1.24 information disclosure
5031| [38330] Apache Tomcat 4.1.24 information disclosure
5032| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5033| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5034| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5035| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5036| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5037| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5038| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5039| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5040| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5041| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5042| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5043| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5044| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5045| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5046| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5047| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5048| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5049| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5050| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5051| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5052| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5053| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5054| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5055| [34252] Apache HTTP Server denial of service
5056| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5057| [33877] Apache Opentaps 0.9.3 cross site scripting
5058| [33876] Apache Open For Business Project unknown vulnerability
5059| [33875] Apache Open For Business Project cross site scripting
5060| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
5061| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5062|
5063| MITRE CVE - https://cve.mitre.org:
5064| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5065| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5066| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5067| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5068| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5069| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5070| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5071| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5072| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5073| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5074| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5075| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5076| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5077| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5078| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5079| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5080| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5081| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5082| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
5083| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
5084| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
5085| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
5086| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
5087| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
5088| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
5089| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
5090| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
5091| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
5092| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
5093| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
5094| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5095| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
5096| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
5097| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
5098| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
5099| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
5100| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
5101| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
5102| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5103| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5104| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5105| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5106| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5107| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5108| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5109| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
5110| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
5111| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
5112| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
5113| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
5114| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
5115| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
5116| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
5117| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
5118| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5119| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
5120| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
5121| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
5122| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
5123| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
5124| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
5125| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
5126| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
5127| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
5128| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5129| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
5130| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
5131| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
5132| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5133| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
5134| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
5135| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
5136| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
5137| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
5138| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
5139| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
5140| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
5141| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
5142| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
5143| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
5144| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
5145| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
5146| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
5147| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
5148| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
5149| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
5150| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
5151| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
5152| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
5153| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
5154| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
5155| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
5156| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
5157| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
5158| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
5159| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
5160| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
5161| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
5162| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
5163| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5164| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5165| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5166| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5167| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5168| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5169| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5170| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5171| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5172| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5173| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5174| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5175| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5176| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5177| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5178| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5179| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5180| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5181| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5182| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5183| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5184| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5185| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5186| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5187| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5188| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5189| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5190| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5191| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5192| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5193| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5194| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5195| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5196| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5197| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5198| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5199| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5200| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5201| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5202| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5203| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5204| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5205| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5206| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5207| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5208| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5209| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5210| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5211| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5212| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5213| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5214| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5215| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5216| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5217| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5218| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5219| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5220| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5221| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5222| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5223| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5224| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5225| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
5226| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
5227| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5228| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
5229| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
5230| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
5231| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
5232| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
5233| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
5234| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
5235| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
5236| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
5237| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
5238| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
5239| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
5240| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
5241| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
5242| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
5243| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5244| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
5245| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
5246| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
5247| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
5248| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
5249| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
5250| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
5251| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
5252| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
5253| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
5254| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5255| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
5256| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
5257| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
5258| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
5259| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
5260| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
5261| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
5262| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
5263| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
5264| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5265| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
5266| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
5267| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
5268| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
5269| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
5270| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
5271| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
5272| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
5273| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
5274| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
5275| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
5276| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
5277| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
5278| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
5279| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
5280| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
5281| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
5282| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
5283| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
5284| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5285| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5286| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
5287| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
5288| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
5289| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5290| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5291| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5292| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5293| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5294| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5295| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5296| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5297| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5298| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5299| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5300| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5301| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5302| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5303| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5304| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5305| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5306| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5307| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5308| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5309| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5310| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5311| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5312| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5313| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5314| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5315| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5316| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5317| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5318| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5319| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5320| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5429| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5430| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5431| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5432| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5433| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5531| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5532| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5533| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5534| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5535| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5536| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5537| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5538| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5539| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5540| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5541| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5542| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5543| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5544| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5545| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5546| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5547| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5548| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5549| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5550| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
5551| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5552| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5553| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
5554| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
5555| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
5556| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
5557| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
5558| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
5559| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
5560| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
5561| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
5562| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
5563| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
5564| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
5565| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
5566| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
5567| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
5568| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
5569| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
5570| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
5571| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
5572| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
5573| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
5574| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
5575| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
5576| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
5577| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
5578| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
5579| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
5580| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
5581| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
5582| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
5583| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
5584| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
5585| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
5586| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
5587| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
5588| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
5589| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
5590| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
5591| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
5592| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
5593| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
5594| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
5595| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5596| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5597| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5598| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5599| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5600| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5601| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5602| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5603| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5604| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5605| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5606| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5607| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5608| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5609| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5610| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5611| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5612| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5613| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5614| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5615| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5616| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5617| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5618| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5619| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5620| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5621| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5622| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5623| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5624| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5625| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5626| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5627| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5628| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5629| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5630| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5631| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5632| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5633| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5634| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5635| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5636| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5637| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5638| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5639| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5640| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5641| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5642| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5643| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5644| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5645| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5646| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5647| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5648| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5649| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5650| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5651| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5652| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5653| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5654| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5655| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5656| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5657| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5658| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5659| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5660| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5661| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5662| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5663| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5664| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5665| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5666| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5667| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5668| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5669| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5670| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5671| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5672| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5673|
5674| SecurityFocus - https://www.securityfocus.com/bid/:
5675| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5676| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5677| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5678| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5679| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5680| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5681| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5682| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5683| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5684| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5685| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5686| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5687| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5688| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5689| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5690| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5691| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5692| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5693| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5694| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5695| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5696| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5697| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5698| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5699| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5700| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5701| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5702| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5703| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5704| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5705| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5706| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5707| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5708| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5709| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5710| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5711| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5712| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5713| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5714| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5715| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5716| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5717| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5718| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5719| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5720| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5721| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5722| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5723| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5724| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5725| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5726| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5727| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5728| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5729| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5730| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5731| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5732| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5733| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5734| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5735| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5736| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5737| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5738| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5739| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5740| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5741| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5742| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5743| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5744| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5745| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5746| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5747| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5748| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5749| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5750| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5751| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5752| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5753| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5754| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5755| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5756| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5757| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5758| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5759| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5760| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5761| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5762| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5763| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5764| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5765| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5766| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5767| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5768| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5769| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5770| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5771| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5772| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5773| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5774| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5775| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5776| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5777| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5778| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5779| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5780| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5781| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5782| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5783| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5784| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5785| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5786| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5787| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5788| [100447] Apache2Triad Multiple Security Vulnerabilities
5789| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5790| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5791| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5792| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5793| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5794| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5795| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5796| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5797| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5798| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5799| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5800| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5801| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5802| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5803| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5804| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5805| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5806| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5807| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5808| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5809| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5810| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5811| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5812| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5813| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5814| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5815| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5816| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5817| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5818| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5819| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5820| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5821| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5822| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5823| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5824| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5825| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5826| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5827| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5828| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5829| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5830| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5831| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5832| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5833| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5834| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5835| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5836| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5837| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5838| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5839| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5840| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5841| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5842| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5843| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5844| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5845| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5846| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5847| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5848| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5849| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5850| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5851| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5852| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5853| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5854| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5855| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5856| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5857| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5858| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5859| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5860| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5861| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5862| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5863| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5864| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5865| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5866| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5867| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5868| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5869| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5870| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5871| [95675] Apache Struts Remote Code Execution Vulnerability
5872| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5873| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5874| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5875| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5876| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5877| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5878| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5879| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5880| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5881| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5882| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
5883| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
5884| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
5885| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
5886| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
5887| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
5888| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
5889| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
5890| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
5891| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
5892| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
5893| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
5894| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
5895| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
5896| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
5897| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
5898| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
5899| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
5900| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
5901| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
5902| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
5903| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
5904| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
5905| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
5906| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
5907| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
5908| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
5909| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
5910| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
5911| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
5912| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
5913| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
5914| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
5915| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
5916| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
5917| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
5918| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
5919| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
5920| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
5921| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
5922| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
5923| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
5924| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
5925| [91736] Apache XML-RPC Multiple Security Vulnerabilities
5926| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
5927| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
5928| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
5929| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
5930| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
5931| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
5932| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
5933| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
5934| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
5935| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
5936| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
5937| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
5938| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
5939| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
5940| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
5941| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
5942| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
5943| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
5944| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
5945| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
5946| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
5947| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
5948| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
6379| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6380| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6381| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
6382| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
6383| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6384| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
6385| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
6386| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
6387| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
6388| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
6389| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
6390| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
6391| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
6392| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
6393| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
6394| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
6395| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
6396| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
6397| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
6398| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
6399| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
6400| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6401| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
6402| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
6403| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
6404| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
6405| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6406| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
6407| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
6408| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
6409| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
6410| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
6411| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6412| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6413| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
6414| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
6415| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
6416| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
6417| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
6418| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
6419| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6420| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
6421| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
6422| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6423| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
6424| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
6425| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
6426| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
6427| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
6428| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
6429| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
6430| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6431| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
6432| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
6433| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
6434| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
6435| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
6436| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
6437| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
6438| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
6439| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
6440| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6441| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
6442| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6443| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
6444| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
6445| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
6446| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
6447| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
6448| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6449| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
6450| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
6451| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
6452| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
6453| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
6454| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
6455| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
6456| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
6457| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
6458| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6459| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6460| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6461| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6462| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6463| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6464| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6465| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6466| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6467| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6468| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6469| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6470| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6471| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6472| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6473| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6474| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6475| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6476| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6477| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6478| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6479| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6480| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6481| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6482| [20527] Apache Mod_TCL Remote Format String Vulnerability
6483| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6484| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6485| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6486| [19106] Apache Tomcat Information Disclosure Vulnerability
6487| [18138] Apache James SMTP Denial Of Service Vulnerability
6488| [17342] Apache Struts Multiple Remote Vulnerabilities
6489| [17095] Apache Log4Net Denial Of Service Vulnerability
6490| [16916] Apache mod_python FileSession Code Execution Vulnerability
6491| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6492| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6493| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6494| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6495| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6496| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6497| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6498| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6499| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6500| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6501| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6502| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6503| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6504| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6505| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6506| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6507| [14106] Apache HTTP Request Smuggling Vulnerability
6508| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6509| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6510| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6511| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6512| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6513| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6514| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6515| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6516| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6517| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6518| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6519| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6520| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6521| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6522| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6523| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6524| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6525| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6526| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6527| [11094] Apache mod_ssl Denial Of Service Vulnerability
6528| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6529| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6530| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6531| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6532| [10478] ClueCentral Apache Suexec Patch Security Weakness
6533| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6534| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6535| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6536| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6537| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6538| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6539| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6540| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6541| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6542| [9733] Apache Cygwin Directory Traversal Vulnerability
6543| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6544| [9590] Apache-SSL Client Certificate Forging Vulnerability
6545| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6546| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6547| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6548| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6549| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6550| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6551| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6552| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6553| [8898] Red Hat Apache Directory Index Default Configuration Error
6554| [8883] Apache Cocoon Directory Traversal Vulnerability
6555| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6556| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6557| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6558| [8707] Apache htpasswd Password Entropy Weakness
6559| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6560| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6561| [8226] Apache HTTP Server Multiple Vulnerabilities
6562| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6563| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6564| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6565| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6566| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6567| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6568| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6569| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6570| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6571| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6572| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6573| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6574| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6575| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6576| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6577| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6578| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6579| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6580| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6581| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6582| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6583| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6584| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6585| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6586| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6587| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6588| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6589| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6590| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6591| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6592| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6593| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6594| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6595| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6596| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6597| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6598| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6599| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6600| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6601| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6602| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6603| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6604| [5485] Apache 2.0 Path Disclosure Vulnerability
6605| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6606| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6607| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6608| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6609| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6610| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6611| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6612| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6613| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6614| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6615| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6616| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6617| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6618| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6619| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6620| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6621| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6622| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6623| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6624| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6625| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6626| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6627| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6628| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6629| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6630| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6631| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6632| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6633| [3596] Apache Split-Logfile File Append Vulnerability
6634| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6635| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6636| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6637| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6638| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6639| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6640| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6641| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6642| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6643| [3169] Apache Server Address Disclosure Vulnerability
6644| [3009] Apache Possible Directory Index Disclosure Vulnerability
6645| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6646| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6647| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6648| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6649| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6650| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6651| [2216] Apache Web Server DoS Vulnerability
6652| [2182] Apache /tmp File Race Vulnerability
6653| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6654| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6655| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6656| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6657| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6658| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6659| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6660| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6661| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6662| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6663| [1457] Apache::ASP source.asp Example Script Vulnerability
6664| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6665| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6666|
6667| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6668| [86258] Apache CloudStack text fields cross-site scripting
6669| [85983] Apache Subversion mod_dav_svn module denial of service
6670| [85875] Apache OFBiz UEL code execution
6671| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6672| [85871] Apache HTTP Server mod_session_dbd unspecified
6673| [85756] Apache Struts OGNL expression command execution
6674| [85755] Apache Struts DefaultActionMapper class open redirect
6675| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6676| [85574] Apache HTTP Server mod_dav denial of service
6677| [85573] Apache Struts Showcase App OGNL code execution
6678| [85496] Apache CXF denial of service
6679| [85423] Apache Geronimo RMI classloader code execution
6680| [85326] Apache Santuario XML Security for C++ buffer overflow
6681| [85323] Apache Santuario XML Security for Java spoofing
6682| [85319] Apache Qpid Python client SSL spoofing
6683| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6684| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6685| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6686| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6687| [84952] Apache Tomcat CVE-2012-3544 denial of service
6688| [84763] Apache Struts CVE-2013-2135 security bypass
6689| [84762] Apache Struts CVE-2013-2134 security bypass
6690| [84719] Apache Subversion CVE-2013-2088 command execution
6691| [84718] Apache Subversion CVE-2013-2112 denial of service
6692| [84717] Apache Subversion CVE-2013-1968 denial of service
6693| [84577] Apache Tomcat security bypass
6694| [84576] Apache Tomcat symlink
6695| [84543] Apache Struts CVE-2013-2115 security bypass
6696| [84542] Apache Struts CVE-2013-1966 security bypass
6697| [84154] Apache Tomcat session hijacking
6698| [84144] Apache Tomcat denial of service
6699| [84143] Apache Tomcat information disclosure
6700| [84111] Apache HTTP Server command execution
6701| [84043] Apache Virtual Computing Lab cross-site scripting
6702| [84042] Apache Virtual Computing Lab cross-site scripting
6703| [83782] Apache CloudStack information disclosure
6704| [83781] Apache CloudStack security bypass
6705| [83720] Apache ActiveMQ cross-site scripting
6706| [83719] Apache ActiveMQ denial of service
6707| [83718] Apache ActiveMQ denial of service
6708| [83263] Apache Subversion denial of service
6709| [83262] Apache Subversion denial of service
6710| [83261] Apache Subversion denial of service
6711| [83259] Apache Subversion denial of service
6712| [83035] Apache mod_ruid2 security bypass
6713| [82852] Apache Qpid federation_tag security bypass
6714| [82851] Apache Qpid qpid::framing::Buffer denial of service
6715| [82758] Apache Rave User RPC API information disclosure
6716| [82663] Apache Subversion svn_fs_file_length() denial of service
6717| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6718| [82641] Apache Qpid AMQP denial of service
6719| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6720| [82618] Apache Commons FileUpload symlink
6721| [82360] Apache HTTP Server manager interface cross-site scripting
6722| [82359] Apache HTTP Server hostnames cross-site scripting
6723| [82338] Apache Tomcat log/logdir information disclosure
6724| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6725| [82268] Apache OpenJPA deserialization command execution
6726| [81981] Apache CXF UsernameTokens security bypass
6727| [81980] Apache CXF WS-Security security bypass
6728| [81398] Apache OFBiz cross-site scripting
6729| [81240] Apache CouchDB directory traversal
6730| [81226] Apache CouchDB JSONP code execution
6731| [81225] Apache CouchDB Futon user interface cross-site scripting
6732| [81211] Apache Axis2/C SSL spoofing
6733| [81167] Apache CloudStack DeployVM information disclosure
6734| [81166] Apache CloudStack AddHost API information disclosure
6735| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6736| [80518] Apache Tomcat cross-site request forgery security bypass
6737| [80517] Apache Tomcat FormAuthenticator security bypass
6738| [80516] Apache Tomcat NIO denial of service
6739| [80408] Apache Tomcat replay-countermeasure security bypass
6740| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6741| [80317] Apache Tomcat slowloris denial of service
6742| [79984] Apache Commons HttpClient SSL spoofing
6743| [79983] Apache CXF SSL spoofing
6744| [79830] Apache Axis2/Java SSL spoofing
6745| [79829] Apache Axis SSL spoofing
6746| [79809] Apache Tomcat DIGEST security bypass
6747| [79806] Apache Tomcat parseHeaders() denial of service
6748| [79540] Apache OFBiz unspecified
6749| [79487] Apache Axis2 SAML security bypass
6750| [79212] Apache Cloudstack code execution
6751| [78734] Apache CXF SOAP Action security bypass
6752| [78730] Apache Qpid broker denial of service
6753| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
7292| [25980] Apache Struts includeParams Remote Code Execution
7293| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
7294| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
7295| [24874] Apache Struts ParametersInterceptor Remote Code Execution
7296| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
7297| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
7298| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
7299| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
7300| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
7301| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
7302| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
7303| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
7304| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
7305| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
7306| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
7307| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
7308| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
7309| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
7310| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
7311| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
7312| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7313| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
7314| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
7315| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7316| [21719] Apache 2.0 Path Disclosure Vulnerability
7317| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7318| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
7319| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
7320| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
7321| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
7322| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
7323| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
7324| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
7325| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
7326| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
7327| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
7328| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
7329| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
7330| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
7331| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
7332| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
7333| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
7334| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
7335| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
7336| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
7337| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
7338| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
7339| [20558] Apache 1.2 Web Server DoS Vulnerability
7340| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
7341| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
7342| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
7343| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
7344| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
7345| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
7346| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
7347| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
7348| [19231] PHP apache_request_headers Function Buffer Overflow
7349| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
7350| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
7351| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
7352| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
7353| [18442] Apache httpOnly Cookie Disclosure
7354| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
7355| [18221] Apache HTTP Server Denial of Service
7356| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
7357| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
7358| [17691] Apache Struts < 2.2.0 - Remote Command Execution
7359| [16798] Apache mod_jk 1.2.20 Buffer Overflow
7360| [16782] Apache Win32 Chunked Encoding
7361| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
7362| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
7363| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
7364| [15319] Apache 2.2 (Windows) Local Denial of Service
7365| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
7366| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7367| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
7368| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
7369| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
7370| [12330] Apache OFBiz - Multiple XSS
7371| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
7372| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
7373| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
7374| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
7375| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
7376| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
7377| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
7378| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7379| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7380| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
7381| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
7382| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
7383| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7384| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
7385| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
7386| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
7387| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
7388| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
7389| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
7390| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
7391| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
7392| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
7393| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
7394| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
7395| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
7396| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
7397| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
7398| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7399| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7400| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7401| [466] htpasswd Apache 1.3.31 - Local Exploit
7402| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7403| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7404| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7405| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7406| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7407| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7408| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7409| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7410| [9] Apache HTTP Server 2.x Memory Leak Exploit
7411|
7412| OpenVAS (Nessus) - http://www.openvas.org:
7413| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
7414| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
7415| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
7416| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
7417| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
7418| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7419| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
7420| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
7421| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
7422| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
7423| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
7424| [900571] Apache APR-Utils Version Detection
7425| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
7426| [900496] Apache Tiles Multiple XSS Vulnerability
7427| [900493] Apache Tiles Version Detection
7428| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
7429| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
7430| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
7431| [870175] RedHat Update for apache RHSA-2008:0004-01
7432| [864591] Fedora Update for apache-poi FEDORA-2012-10835
7433| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
7434| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
7435| [864250] Fedora Update for apache-poi FEDORA-2012-7683
7436| [864249] Fedora Update for apache-poi FEDORA-2012-7686
7437| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
7438| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
7439| [855821] Solaris Update for Apache 1.3 122912-19
7440| [855812] Solaris Update for Apache 1.3 122911-19
7441| [855737] Solaris Update for Apache 1.3 122911-17
7442| [855731] Solaris Update for Apache 1.3 122912-17
7443| [855695] Solaris Update for Apache 1.3 122911-16
7444| [855645] Solaris Update for Apache 1.3 122912-16
7445| [855587] Solaris Update for kernel update and Apache 108529-29
7446| [855566] Solaris Update for Apache 116973-07
7447| [855531] Solaris Update for Apache 116974-07
7448| [855524] Solaris Update for Apache 2 120544-14
7449| [855494] Solaris Update for Apache 1.3 122911-15
7450| [855478] Solaris Update for Apache Security 114145-11
7451| [855472] Solaris Update for Apache Security 113146-12
7452| [855179] Solaris Update for Apache 1.3 122912-15
7453| [855147] Solaris Update for kernel update and Apache 108528-29
7454| [855077] Solaris Update for Apache 2 120543-14
7455| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
7456| [850088] SuSE Update for apache2 SUSE-SA:2007:061
7457| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
7458| [841209] Ubuntu Update for apache2 USN-1627-1
7459| [840900] Ubuntu Update for apache2 USN-1368-1
7460| [840798] Ubuntu Update for apache2 USN-1259-1
7461| [840734] Ubuntu Update for apache2 USN-1199-1
7462| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
7463| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
7464| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
7465| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
7466| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
7467| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
7468| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
7469| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7470| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7471| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
7472| [835236] HP-UX Update for Apache with PHP HPSBUX02543
7473| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7474| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7475| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7476| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7477| [835188] HP-UX Update for Apache HPSBUX02308
7478| [835181] HP-UX Update for Apache With PHP HPSBUX02332
7479| [835180] HP-UX Update for Apache with PHP HPSBUX02342
7480| [835172] HP-UX Update for Apache HPSBUX02365
7481| [835168] HP-UX Update for Apache HPSBUX02313
7482| [835148] HP-UX Update for Apache HPSBUX01064
7483| [835139] HP-UX Update for Apache with PHP HPSBUX01090
7484| [835131] HP-UX Update for Apache HPSBUX00256
7485| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
7486| [835104] HP-UX Update for Apache HPSBUX00224
7487| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
7488| [835101] HP-UX Update for Apache HPSBUX01232
7489| [835080] HP-UX Update for Apache HPSBUX02273
7490| [835078] HP-UX Update for ApacheStrong HPSBUX00255
7491| [835044] HP-UX Update for Apache HPSBUX01019
7492| [835040] HP-UX Update for Apache PHP HPSBUX00207
7493| [835025] HP-UX Update for Apache HPSBUX00197
7494| [835023] HP-UX Update for Apache HPSBUX01022
7495| [835022] HP-UX Update for Apache HPSBUX02292
7496| [835005] HP-UX Update for Apache HPSBUX02262
7497| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
7498| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
7499| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
7500| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
7501| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
7502| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
7503| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
7504| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
7505| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
7506| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
7507| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
7508| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
7509| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
7510| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
7511| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
7512| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
7513| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
7514| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
7515| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
7516| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
7517| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
7518| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
7519| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
7520| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
7521| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
7522| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
7523| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
7524| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
7525| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
7526| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
7527| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
7528| [801942] Apache Archiva Multiple Vulnerabilities
7529| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
7530| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
7531| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
7532| [801284] Apache Derby Information Disclosure Vulnerability
7533| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
7534| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
7535| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
7536| [800680] Apache APR Version Detection
7537| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7538| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7539| [800677] Apache Roller Version Detection
7540| [800279] Apache mod_jk Module Version Detection
7541| [800278] Apache Struts Cross Site Scripting Vulnerability
7542| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
7543| [800276] Apache Struts Version Detection
7544| [800271] Apache Struts Directory Traversal Vulnerability
7545| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
7546| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7547| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7548| [103122] Apache Web Server ETag Header Information Disclosure Weakness
7549| [103074] Apache Continuum Cross Site Scripting Vulnerability
7550| [103073] Apache Continuum Detection
7551| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
7552| [101023] Apache Open For Business Weak Password security check
7553| [101020] Apache Open For Business HTML injection vulnerability
7554| [101019] Apache Open For Business service detection
7555| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
7556| [100923] Apache Archiva Detection
7557| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
7558| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
7559| [100813] Apache Axis2 Detection
7560| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7561| [100795] Apache Derby Detection
7562| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
7563| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7564| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7565| [100514] Apache Multiple Security Vulnerabilities
7566| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7567| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7568| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7569| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7570| [72626] Debian Security Advisory DSA 2579-1 (apache2)
7571| [72612] FreeBSD Ports: apache22
7572| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
7573| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
7574| [71512] FreeBSD Ports: apache
7575| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
7576| [71256] Debian Security Advisory DSA 2452-1 (apache2)
7577| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
7578| [70737] FreeBSD Ports: apache
7579| [70724] Debian Security Advisory DSA 2405-1 (apache2)
7580| [70600] FreeBSD Ports: apache
7581| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
7582| [70235] Debian Security Advisory DSA 2298-2 (apache2)
7583| [70233] Debian Security Advisory DSA 2298-1 (apache2)
7584| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
7585| [69338] Debian Security Advisory DSA 2202-1 (apache2)
7586| [67868] FreeBSD Ports: apache
7587| [66816] FreeBSD Ports: apache
7588| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
7589| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
7590| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
7591| [66081] SLES11: Security update for Apache 2
7592| [66074] SLES10: Security update for Apache 2
7593| [66070] SLES9: Security update for Apache 2
7594| [65998] SLES10: Security update for apache2-mod_python
7595| [65893] SLES10: Security update for Apache 2
7596| [65888] SLES10: Security update for Apache 2
7597| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
7598| [65510] SLES9: Security update for Apache 2
7599| [65472] SLES9: Security update for Apache
7600| [65467] SLES9: Security update for Apache
7601| [65450] SLES9: Security update for apache2
7602| [65390] SLES9: Security update for Apache2
7603| [65363] SLES9: Security update for Apache2
7604| [65309] SLES9: Security update for Apache and mod_ssl
7605| [65296] SLES9: Security update for webdav apache module
7606| [65283] SLES9: Security update for Apache2
7607| [65249] SLES9: Security update for Apache 2
7608| [65230] SLES9: Security update for Apache 2
7609| [65228] SLES9: Security update for Apache 2
7610| [65212] SLES9: Security update for apache2-mod_python
7611| [65209] SLES9: Security update for apache2-worker
7612| [65207] SLES9: Security update for Apache 2
7613| [65168] SLES9: Security update for apache2-mod_python
7614| [65142] SLES9: Security update for Apache2
7615| [65136] SLES9: Security update for Apache 2
7616| [65132] SLES9: Security update for apache
7617| [65131] SLES9: Security update for Apache 2 oes/CORE
7618| [65113] SLES9: Security update for apache2
7619| [65072] SLES9: Security update for apache and mod_ssl
7620| [65017] SLES9: Security update for Apache 2
7621| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
7622| [64783] FreeBSD Ports: apache
7623| [64774] Ubuntu USN-802-2 (apache2)
7624| [64653] Ubuntu USN-813-2 (apache2)
7625| [64559] Debian Security Advisory DSA 1834-2 (apache2)
7626| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
7627| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
7628| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
7629| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
7630| [64443] Ubuntu USN-802-1 (apache2)
7631| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
7632| [64423] Debian Security Advisory DSA 1834-1 (apache2)
7633| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
7634| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
7635| [64251] Debian Security Advisory DSA 1816-1 (apache2)
7636| [64201] Ubuntu USN-787-1 (apache2)
7637| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
7638| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
7639| [63565] FreeBSD Ports: apache
7640| [63562] Ubuntu USN-731-1 (apache2)
7641| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
7642| [61185] FreeBSD Ports: apache
7643| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
7644| [60387] Slackware Advisory SSA:2008-045-02 apache
7645| [58826] FreeBSD Ports: apache-tomcat
7646| [58825] FreeBSD Ports: apache-tomcat
7647| [58804] FreeBSD Ports: apache
7648| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
7649| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
7650| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
7651| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
7652| [57335] Debian Security Advisory DSA 1167-1 (apache)
7653| [57201] Debian Security Advisory DSA 1131-1 (apache)
7654| [57200] Debian Security Advisory DSA 1132-1 (apache2)
7655| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
7656| [57145] FreeBSD Ports: apache
7657| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
7658| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
7659| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
7660| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
7661| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
7662| [56067] FreeBSD Ports: apache
7663| [55803] Slackware Advisory SSA:2005-310-04 apache
7664| [55519] Debian Security Advisory DSA 839-1 (apachetop)
7665| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
7666| [55355] FreeBSD Ports: apache
7667| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
7668| [55261] Debian Security Advisory DSA 805-1 (apache2)
7669| [55259] Debian Security Advisory DSA 803-1 (apache)
7670| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
7671| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
7672| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
7673| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
7674| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
7675| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
7676| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
7677| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
7678| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
7679| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
7680| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
7681| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
7682| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
7683| [54439] FreeBSD Ports: apache
7684| [53931] Slackware Advisory SSA:2004-133-01 apache
7685| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
7686| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
7687| [53878] Slackware Advisory SSA:2003-308-01 apache security update
7688| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
7689| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
7690| [53848] Debian Security Advisory DSA 131-1 (apache)
7691| [53784] Debian Security Advisory DSA 021-1 (apache)
7692| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
7693| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
7694| [53735] Debian Security Advisory DSA 187-1 (apache)
7695| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
7696| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
7697| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
7698| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
7699| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
7700| [53282] Debian Security Advisory DSA 594-1 (apache)
7701| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
7702| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
7703| [53215] Debian Security Advisory DSA 525-1 (apache)
7704| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
7705| [52529] FreeBSD Ports: apache+ssl
7706| [52501] FreeBSD Ports: apache
7707| [52461] FreeBSD Ports: apache
7708| [52390] FreeBSD Ports: apache
7709| [52389] FreeBSD Ports: apache
7710| [52388] FreeBSD Ports: apache
7711| [52383] FreeBSD Ports: apache
7712| [52339] FreeBSD Ports: apache+mod_ssl
7713| [52331] FreeBSD Ports: apache
7714| [52329] FreeBSD Ports: ru-apache+mod_ssl
7715| [52314] FreeBSD Ports: apache
7716| [52310] FreeBSD Ports: apache
7717| [15588] Detect Apache HTTPS
7718| [15555] Apache mod_proxy content-length buffer overflow
7719| [15554] Apache mod_include priviledge escalation
7720| [14771] Apache <= 1.3.33 htpasswd local overflow
7721| [14177] Apache mod_access rule bypass
7722| [13644] Apache mod_rootme Backdoor
7723| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
7724| [12280] Apache Connection Blocking Denial of Service
7725| [12239] Apache Error Log Escape Sequence Injection
7726| [12123] Apache Tomcat source.jsp malformed request information disclosure
7727| [12085] Apache Tomcat servlet/JSP container default files
7728| [11438] Apache Tomcat Directory Listing and File disclosure
7729| [11204] Apache Tomcat Default Accounts
7730| [11092] Apache 2.0.39 Win32 directory traversal
7731| [11046] Apache Tomcat TroubleShooter Servlet Installed
7732| [11042] Apache Tomcat DOS Device Name XSS
7733| [11041] Apache Tomcat /servlet Cross Site Scripting
7734| [10938] Apache Remote Command Execution via .bat files
7735| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
7736| [10773] MacOS X Finder reveals contents of Apache Web files
7737| [10766] Apache UserDir Sensitive Information Disclosure
7738| [10756] MacOS X Finder reveals contents of Apache Web directories
7739| [10752] Apache Auth Module SQL Insertion Attack
7740| [10704] Apache Directory Listing
7741| [10678] Apache /server-info accessible
7742| [10677] Apache /server-status accessible
7743| [10440] Check for Apache Multiple / vulnerability
7744|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
8093| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
8094| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
8095| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
8096| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
8097| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
8098| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
8099| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
8400| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
8401| [58805] Apache Derby Unauthenticated Database / Admin Access
8402| [58804] Apache Wicket Header Contribution Unspecified Issue
8403| [58803] Apache Wicket Session Fixation
8404| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
8405| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8856| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8857| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8858| [4231] Apache Cocoon Error Page Server Path Disclosure
8859| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8860| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8861| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
8862| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8863| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8864| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8865| [3322] mod_php for Apache HTTP Server Process Hijack
8866| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8867| [2885] Apache mod_python Malformed Query String DoS
8868| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8869| [2733] Apache HTTP Server mod_rewrite Local Overflow
8870| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8871| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8872| [2149] Apache::Gallery Privilege Escalation
8873| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8874| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8875| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8876| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8877| [872] Apache Tomcat Multiple Default Accounts
8878| [862] Apache HTTP Server SSI Error Page XSS
8879| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8880| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8881| [845] Apache Tomcat MSDOS Device XSS
8882| [844] Apache Tomcat Java Servlet Error Page XSS
8883| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8884| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8885| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8886| [775] Apache mod_python Module Importing Privilege Function Execution
8887| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8888| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8889| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8890| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8891| [637] Apache HTTP Server UserDir Directive Username Enumeration
8892| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8893| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8894| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8895| [561] Apache Web Servers mod_status /server-status Information Disclosure
8896| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8897| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8898| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8899| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8900| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8901| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8902| [376] Apache Tomcat contextAdmin Arbitrary File Access
8903| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8904| [222] Apache HTTP Server test-cgi Arbitrary File Access
8905| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8906| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8907|_
110/tcp open pop3 Dovecot pop3d
8909| vulscan: VulDB - https://vuldb.com:
8910| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8911| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
8912| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
8913| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
8914| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
8915| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
8916| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
8917| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
8918| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
8919| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
8920| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
8921| [69835] Dovecot 2.2.0/2.2.1 denial of service
8922| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
8923| [65684] Dovecot up to 2.2.6 unknown vulnerability
8924| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
8925| [63692] Dovecot up to 2.0.15 spoofing
8926| [7062] Dovecot 2.1.10 mail-search.c denial of service
8927| [57517] Dovecot up to 2.0.12 Login directory traversal
8928| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
8929| [57515] Dovecot up to 2.0.12 Crash denial of service
8930| [54944] Dovecot up to 1.2.14 denial of service
8931| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
8932| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
8933| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
8934| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
8935| [53277] Dovecot up to 1.2.10 denial of service
8936| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
8937| [45256] Dovecot up to 1.1.5 directory traversal
8938| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
8939| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8940| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8941| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
8942| [40356] Dovecot 1.0.9 Cache unknown vulnerability
8943| [38222] Dovecot 1.0.2 directory traversal
8944| [36376] Dovecot up to 1.0.x directory traversal
8945| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
8946|
8947| MITRE CVE - https://cve.mitre.org:
8948| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
8949| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
8950| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
8951| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
8952| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
8953| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
8954| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
8955| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8956| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8957| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
8958| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
8959| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
8960| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
8961| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
8962| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
8963| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
8964| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
8965| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
8966| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
8967| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
8968| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
8969| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
8970| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
8971| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
8972| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
8973| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
8974| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
8975| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
8976| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
8977| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
8978| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
8979| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
8980| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
8981| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
8982| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
8983| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
8984| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
8985|
8986| SecurityFocus - https://www.securityfocus.com/bid/:
8987| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
8988| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
8989| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
8990| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
8991| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
8992| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
8993| [67306] Dovecot Denial of Service Vulnerability
8994| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
8995| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
8996| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
8997| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8998| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
8999| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9000| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9001| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9002| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9003| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9004| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9005| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9006| [39838] tpop3d Remote Denial of Service Vulnerability
9007| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9008| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9009| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9010| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9011| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9012| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9013| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9014| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9015| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9016| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9017| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9018| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9019| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9020| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9021| [17961] Dovecot Remote Information Disclosure Vulnerability
9022| [16672] Dovecot Double Free Denial of Service Vulnerability
9023| [8495] akpop3d User Name SQL Injection Vulnerability
9024| [8473] Vpop3d Remote Denial Of Service Vulnerability
9025| [3990] ZPop3D Bad Login Logging Failure Vulnerability
9026| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
9027|
9028| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9029| [86382] Dovecot POP3 Service denial of service
9030| [84396] Dovecot IMAP APPEND denial of service
9031| [80453] Dovecot mail-search.c denial of service
9032| [71354] Dovecot SSL Common Name (CN) weak security
9033| [67675] Dovecot script-login security bypass
9034| [67674] Dovecot script-login directory traversal
9035| [67589] Dovecot header name denial of service
9036| [63267] Apple Mac OS X Dovecot information disclosure
9037| [62340] Dovecot mailbox security bypass
9038| [62339] Dovecot IMAP or POP3 denial of service
9039| [62256] Dovecot mailbox security bypass
9040| [62255] Dovecot ACL entry security bypass
9041| [60639] Dovecot ACL plugin weak security
9042| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9043| [56763] Dovecot header denial of service
9044| [54363] Dovecot base_dir privilege escalation
9045| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9046| [46323] Dovecot dovecot.conf information disclosure
9047| [46227] Dovecot message parsing denial of service
9048| [45669] Dovecot ACL mailbox security bypass
9049| [45667] Dovecot ACL plugin rights security bypass
9050| [41085] Dovecot TAB characters authentication bypass
9051| [41009] Dovecot mail_extra_groups option unauthorized access
9052| [39342] Dovecot LDAP auth cache configuration security bypass
9053| [35767] Dovecot ACL plugin security bypass
9054| [34082] Dovecot mbox-storage.c directory traversal
9055| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9056| [26578] Cyrus IMAP pop3d buffer overflow
9057| [26536] Dovecot IMAP LIST information disclosure
9058| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9059| [24709] Dovecot APPEND command denial of service
9060| [13018] akpop3d authentication code SQL injection
9061| [7345] Slackware Linux imapd and ipop3d core dump
9062| [6269] imap, ipop2d and ipop3d buffer overflows
9063| [5923] Linuxconf vpop3d symbolic link
9064| [4918] IPOP3D, Buffer overflow attack
9065| [1560] IPOP3D, user login successful
9066| [1559] IPOP3D user login to remote host successful
9067| [1525] IPOP3D, user logout
9068| [1524] IPOP3D, user auto-logout
9069| [1523] IPOP3D, user login failure
9070| [1522] IPOP3D, brute force attack
9071| [1521] IPOP3D, user kiss of death logout
9072| [418] pop3d mktemp creates insecure temporary files
9073|
9074| Exploit-DB - https://www.exploit-db.com:
9075| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9076| [23053] Vpop3d Remote Denial of Service Vulnerability
9077| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9078| [11893] tPop3d 1.5.3 DoS
9079| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9080| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9081| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9082| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9083|
9084| OpenVAS (Nessus) - http://www.openvas.org:
9085| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9086| [901025] Dovecot Version Detection
9087| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9088| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9089| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9090| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9091| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9092| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9093| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9094| [863272] Fedora Update for dovecot FEDORA-2011-7612
9095| [863115] Fedora Update for dovecot FEDORA-2011-7258
9096| [861525] Fedora Update for dovecot FEDORA-2007-664
9097| [861394] Fedora Update for dovecot FEDORA-2007-493
9098| [861333] Fedora Update for dovecot FEDORA-2007-1485
9099| [860845] Fedora Update for dovecot FEDORA-2008-9202
9100| [860663] Fedora Update for dovecot FEDORA-2008-2475
9101| [860169] Fedora Update for dovecot FEDORA-2008-2464
9102| [860089] Fedora Update for dovecot FEDORA-2008-9232
9103| [840950] Ubuntu Update for dovecot USN-1295-1
9104| [840668] Ubuntu Update for dovecot USN-1143-1
9105| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9106| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9107| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9108| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9109| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9110| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9111| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9112| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9113| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9114| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9115| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9116| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9117| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9118| [70259] FreeBSD Ports: dovecot
9119| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9120| [66522] FreeBSD Ports: dovecot
9121| [65010] Ubuntu USN-838-1 (dovecot)
9122| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9123| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9124| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9125| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9126| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9127| [62854] FreeBSD Ports: dovecot-managesieve
9128| [61916] FreeBSD Ports: dovecot
9129| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9130| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9131| [60528] FreeBSD Ports: dovecot
9132| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9133| [60089] FreeBSD Ports: dovecot
9134| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9135| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9136|
9137| SecurityTracker - https://www.securitytracker.com:
9138| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9139| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9140| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9141|
9142| OSVDB - http://www.osvdb.org:
9143| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9144| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9145| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9146| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9147| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9148| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9149| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9150| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9151| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9152| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9153| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9154| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9155| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9156| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9157| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9158| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9159| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9160| [66110] Dovecot Multiple Unspecified Buffer Overflows
9161| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9162| [64783] Dovecot E-mail Message Header Unspecified DoS
9163| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9164| [62796] Dovecot mbox Format Email Header Handling DoS
9165| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9166| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9167| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9168| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9169| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9170| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9171| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9172| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9173| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9174| [39876] Dovecot LDAP Auth Cache Security Bypass
9175| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9176| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9177| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9178| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9179| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9180| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9181| [23280] Dovecot Malformed APPEND Command DoS
9182| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
9183| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9184| [5857] Linux pop3d Arbitrary Mail File Access
9185| [2471] akpop3d username SQL Injection
9186|_
139/tcp closed netbios-ssn
143/tcp open imap Dovecot imapd
9189| vulscan: VulDB - https://vuldb.com:
9190| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
9191| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9192| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9193| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9194| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9195| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9196| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9197| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9198| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9199| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9200| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9201| [69835] Dovecot 2.2.0/2.2.1 denial of service
9202| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9203| [65684] Dovecot up to 2.2.6 unknown vulnerability
9204| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9205| [63692] Dovecot up to 2.0.15 spoofing
9206| [7062] Dovecot 2.1.10 mail-search.c denial of service
9207| [59792] Cyrus IMAPd 2.4.11 weak authentication
9208| [57517] Dovecot up to 2.0.12 Login directory traversal
9209| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9210| [57515] Dovecot up to 2.0.12 Crash denial of service
9211| [54944] Dovecot up to 1.2.14 denial of service
9212| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9213| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9214| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9215| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9216| [53277] Dovecot up to 1.2.10 denial of service
9217| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9218| [45256] Dovecot up to 1.1.5 directory traversal
9219| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9220| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9221| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9222| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9223| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9224| [38222] Dovecot 1.0.2 directory traversal
9225| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
9226| [36376] Dovecot up to 1.0.x directory traversal
9227| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
9228| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9229|
9230| MITRE CVE - https://cve.mitre.org:
9231| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9232| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9233| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
9234| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
9235| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9236| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9237| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9238| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9239| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9240| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9241| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9242| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9243| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9244| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9245| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9246| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9247| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9248| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9249| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9250| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9251| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9252| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9253| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9254| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9255| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9256| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9257| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9258| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
9259| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
9260| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9261| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
9262| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9263| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9264| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
9265| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
9266| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9267| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
9268| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
9269| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
9270| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
9271| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9272| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9273| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9274| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9275| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
9276| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
9277| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
9278| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
9279| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
9280| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
9281| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
9282| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
9283| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
9284| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
9285| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
9286| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
9287| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
9288| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9289| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
9290|
9291| SecurityFocus - https://www.securityfocus.com/bid/:
9292| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9293| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9294| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9295| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9296| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9297| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
9298| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9299| [67306] Dovecot Denial of Service Vulnerability
9300| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
9301| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9302| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9303| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9304| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9305| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9306| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
9307| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9308| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
9309| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9310| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9311| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9312| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9313| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9314| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9315| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9316| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9317| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9318| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9319| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9320| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9321| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9322| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9323| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
9324| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
9325| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9326| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9327| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
9328| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9329| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9330| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9331| [17961] Dovecot Remote Information Disclosure Vulnerability
9332| [16672] Dovecot Double Free Denial of Service Vulnerability
9333| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
9334| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
9335| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
9336| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
9337| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
9338| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
9339| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
9340| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
9341| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
9342| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
9343| [130] imapd Buffer Overflow Vulnerability
9344|
9345| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9346| [86382] Dovecot POP3 Service denial of service
9347| [84396] Dovecot IMAP APPEND denial of service
9348| [80453] Dovecot mail-search.c denial of service
9349| [71354] Dovecot SSL Common Name (CN) weak security
9350| [70325] Cyrus IMAPd NNTP security bypass
9351| [67675] Dovecot script-login security bypass
9352| [67674] Dovecot script-login directory traversal
9353| [67589] Dovecot header name denial of service
9354| [63267] Apple Mac OS X Dovecot information disclosure
9355| [62340] Dovecot mailbox security bypass
9356| [62339] Dovecot IMAP or POP3 denial of service
9357| [62256] Dovecot mailbox security bypass
9358| [62255] Dovecot ACL entry security bypass
9359| [60639] Dovecot ACL plugin weak security
9360| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9361| [56763] Dovecot header denial of service
9362| [54363] Dovecot base_dir privilege escalation
9363| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9364| [47526] UW-imapd rfc822_output_char() denial of service
9365| [46323] Dovecot dovecot.conf information disclosure
9366| [46227] Dovecot message parsing denial of service
9367| [45669] Dovecot ACL mailbox security bypass
9368| [45667] Dovecot ACL plugin rights security bypass
9369| [41085] Dovecot TAB characters authentication bypass
9370| [41009] Dovecot mail_extra_groups option unauthorized access
9371| [39342] Dovecot LDAP auth cache configuration security bypass
9372| [35767] Dovecot ACL plugin security bypass
9373| [34082] Dovecot mbox-storage.c directory traversal
9374| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9375| [26536] Dovecot IMAP LIST information disclosure
9376| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9377| [24709] Dovecot APPEND command denial of service
9378| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
9379| [19460] Cyrus IMAP imapd buffer overflow
9380| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
9381| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
9382| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
9383| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
9384| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
9385| [7345] Slackware Linux imapd and ipop3d core dump
9386| [573] Imapd denial of service
9387|
9388| Exploit-DB - https://www.exploit-db.com:
9389| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
9390| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9391| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
9392| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
9393| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
9394| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
9395| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
9396| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
9397| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
9398| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
9399| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
9400| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9401| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
9402| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
9403| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
9404| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
9405| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
9406| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
9407| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9408| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
9409| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
9410| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
9411| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9412| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9413| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9414| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
9415| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
9416| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
9417| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
9418| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
9419| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
9420| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
9421| [340] Linux imapd Remote Overflow File Retrieve Exploit
9422|
9423| OpenVAS (Nessus) - http://www.openvas.org:
9424| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9425| [901025] Dovecot Version Detection
9426| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
9427| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
9428| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9429| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
9430| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
9431| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9432| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
9433| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
9434| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
9435| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
9436| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
9437| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9438| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
9439| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9440| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
9441| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
9442| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
9443| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
9444| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
9445| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9446| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
9447| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
9448| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9449| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
9450| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9451| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
9452| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
9453| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
9454| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
9455| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
9456| [863272] Fedora Update for dovecot FEDORA-2011-7612
9457| [863115] Fedora Update for dovecot FEDORA-2011-7258
9458| [861525] Fedora Update for dovecot FEDORA-2007-664
9459| [861394] Fedora Update for dovecot FEDORA-2007-493
9460| [861333] Fedora Update for dovecot FEDORA-2007-1485
9461| [860845] Fedora Update for dovecot FEDORA-2008-9202
9462| [860663] Fedora Update for dovecot FEDORA-2008-2475
9463| [860169] Fedora Update for dovecot FEDORA-2008-2464
9464| [860089] Fedora Update for dovecot FEDORA-2008-9232
9465| [840950] Ubuntu Update for dovecot USN-1295-1
9466| [840668] Ubuntu Update for dovecot USN-1143-1
9467| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9468| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9469| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9470| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9471| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9472| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
9473| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
9474| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
9475| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9476| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9477| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
9478| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9479| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9480| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9481| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9482| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
9483| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9484| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9485| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
9486| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
9487| [70259] FreeBSD Ports: dovecot
9488| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
9489| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9490| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
9491| [66522] FreeBSD Ports: dovecot
9492| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
9493| [66233] SLES10: Security update for Cyrus IMAPD
9494| [66226] SLES11: Security update for Cyrus IMAPD
9495| [66222] SLES9: Security update for Cyrus IMAPD
9496| [65938] SLES10: Security update for Cyrus IMAPD
9497| [65723] SLES11: Security update for Cyrus IMAPD
9498| [65523] SLES9: Security update for Cyrus IMAPD
9499| [65479] SLES9: Security update for cyrus-imapd
9500| [65094] SLES9: Security update for cyrus-imapd
9501| [65010] Ubuntu USN-838-1 (dovecot)
9502| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
9503| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9504| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
9505| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
9506| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
9507| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9508| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9509| [64898] FreeBSD Ports: cyrus-imapd
9510| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
9511| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9512| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
9513| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
9514| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
9515| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
9516| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9517| [62854] FreeBSD Ports: dovecot-managesieve
9518| [61916] FreeBSD Ports: dovecot
9519| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9520| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9521| [60528] FreeBSD Ports: dovecot
9522| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9523| [60089] FreeBSD Ports: dovecot
9524| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9525| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9526| [55807] Slackware Advisory SSA:2005-310-06 imapd
9527| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
9528| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
9529| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
9530| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
9531| [52297] FreeBSD Ports: cyrus-imapd
9532| [52296] FreeBSD Ports: cyrus-imapd
9533| [52295] FreeBSD Ports: cyrus-imapd
9534| [52294] FreeBSD Ports: cyrus-imapd
9535| [52172] FreeBSD Ports: cyrus-imapd
9536|
9537| SecurityTracker - https://www.securitytracker.com:
9538| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9539| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9540| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9541| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
9542|
9543| OSVDB - http://www.osvdb.org:
9544| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9545| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9546| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9547| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9548| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
9549| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9550| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
9551| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9552| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9553| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9554| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9555| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9556| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9557| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9558| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9559| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9560| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9561| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9562| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9563| [66110] Dovecot Multiple Unspecified Buffer Overflows
9564| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9565| [64783] Dovecot E-mail Message Header Unspecified DoS
9566| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9567| [62796] Dovecot mbox Format Email Header Handling DoS
9568| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9569| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9570| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
9571| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
9572| [52906] UW-imapd c-client Initial Request Remote Format String
9573| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
9574| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
9575| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9576| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9577| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
9578| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
9579| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9580| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9581| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9582| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9583| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9584| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
9585| [39876] Dovecot LDAP Auth Cache Security Bypass
9586| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
9587| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9588| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9589| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
9590| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
9591| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
9592| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9593| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9594| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9595| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9596| [23280] Dovecot Malformed APPEND Command DoS
9597| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
9598| [13242] UW-imapd CRAM-MD5 Authentication Bypass
9599| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
9600| [12042] UoW imapd Multiple Unspecified Overflows
9601| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
9602| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9603| [911] UoW imapd AUTHENTICATE Command Remote Overflow
9604| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
9605| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
9606|_
443/tcp open ssl/http Apache httpd
9608|_http-server-header: Apache
9609| vulscan: VulDB - https://vuldb.com:
9610| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
9611| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
9612| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
9613| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
9614| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9615| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
9616| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
9617| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
9618| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
9619| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9620| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9621| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9622| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
9623| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9624| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
9625| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
9626| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
9627| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
9628| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
9629| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
9630| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
9631| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
9632| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
9633| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
9634| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9635| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
9636| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
9637| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
9638| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
9639| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
9640| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
9641| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
9642| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9643| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9644| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9645| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9646| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9647| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9648| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9649| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9650| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9651| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9652| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9653| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9654| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9655| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9656| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9657| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9658| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9659| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9660| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9661| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9662| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9663| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9664| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9665| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9666| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9667| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9668| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9669| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9670| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9671| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9672| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9673| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9674| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9675| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9676| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9677| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9678| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9679| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9680| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9681| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9682| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9683| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9684| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9685| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9686| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9687| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9688| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9689| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9690| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9691| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9692| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9693| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9694| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9695| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9696| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9697| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9698| [136370] Apache Fineract up to 1.2.x sql injection
9699| [136369] Apache Fineract up to 1.2.x sql injection
9700| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9701| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9702| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9703| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9704| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9705| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9706| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9707| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9708| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9709| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9710| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9711| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9712| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9713| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9714| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9715| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9716| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9717| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9718| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9719| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9720| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9721| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9722| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9723| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9724| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9725| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9726| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9727| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9728| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9729| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9730| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9731| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9732| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9733| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9734| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9735| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9736| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9737| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9738| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9739| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9740| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9741| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9742| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9743| [130629] Apache Guacamole Cookie Flag weak encryption
9744| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9745| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9746| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9747| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9748| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9749| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9750| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9751| [130123] Apache Airflow up to 1.8.2 information disclosure
9752| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9753| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9754| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9755| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9756| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9757| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9758| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9759| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9760| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9761| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9762| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9763| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9764| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9765| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9766| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9767| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9768| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9769| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9770| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9771| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9772| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9773| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9774| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9775| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9776| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9777| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9778| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9779| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9780| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9781| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9782| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9783| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9784| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9785| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9786| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9787| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9788| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9789| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9790| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9791| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9792| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9793| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9794| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9795| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9796| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9797| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9798| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9799| [127007] Apache Spark Request Code Execution
9800| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9801| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9802| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9803| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9804| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9805| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9806| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9807| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9808| [126346] Apache Tomcat Path privilege escalation
9809| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9810| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9811| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9812| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9813| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9814| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9815| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9816| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9817| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9818| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9819| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9820| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9821| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9822| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9823| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9824| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9825| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9826| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9827| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9828| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9829| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9830| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9831| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9832| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9833| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9834| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9835| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9836| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
10252| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
10253| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
10254| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
10255| [94540] Apache Tika 1.9 tika-server File information disclosure
10256| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
10257| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
10258| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
10259| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
10260| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
10261| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
10262| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
10263| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
10264| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
10265| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
10266| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
10267| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
10268| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
10269| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
10270| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
10271| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
10272| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
10273| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
10274| [93532] Apache Commons Collections Library Java privilege escalation
10275| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
10276| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
10277| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
10278| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
10279| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
10280| [93098] Apache Commons FileUpload privilege escalation
10281| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
10282| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
10283| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
10284| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
10285| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
10286| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
10287| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
10288| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
10289| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
10290| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
10291| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
10292| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
10293| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
10294| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
10295| [92549] Apache Tomcat on Red Hat privilege escalation
10296| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
10297| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
10298| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
10299| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
10300| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
10301| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
10302| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
10303| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
10304| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
10305| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
10306| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
10307| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
10308| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
10309| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
10310| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
10311| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
10312| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
10313| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
10314| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
10315| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
10316| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
10317| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
10318| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
10319| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
10320| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
10321| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
10322| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
10323| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
10324| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
10325| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
10326| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
10327| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
10328| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
10329| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
10330| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
10331| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
10332| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
10333| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
10334| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
10335| [90263] Apache Archiva Header denial of service
10336| [90262] Apache Archiva Deserialize privilege escalation
10337| [90261] Apache Archiva XML DTD Connection privilege escalation
10338| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
10339| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
10340| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
10341| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
10342| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
10343| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
10344| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
10345| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
10346| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
10347| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
10348| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
10349| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
10350| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
10351| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
10352| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
10353| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
10354| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
10355| [87765] Apache James Server 2.3.2 Command privilege escalation
10356| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
10357| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
10358| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
10359| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
10360| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
10361| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
10362| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
10363| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
10364| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
10365| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
10366| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
10367| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
10368| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
10369| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
10370| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
10371| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
10372| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
10373| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
10374| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
10375| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
10376| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
10377| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
10378| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
10379| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
10380| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
10381| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
10382| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
10383| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
10384| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
10385| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
10386| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
10387| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
10388| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
10389| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
10390| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
10391| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
10392| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
10393| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
10394| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
10395| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
10396| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
10397| [82076] Apache Ranger up to 0.5.1 privilege escalation
10398| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
10399| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
10400| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
10401| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
10402| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
10403| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
10404| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
10405| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
10406| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
10407| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
10408| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
10409| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
10410| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
10411| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
10412| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
10413| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
10414| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
10415| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
10416| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
10417| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
10418| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
10419| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
10420| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
10421| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
10422| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
10423| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
10424| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
10425| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
10426| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
10427| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
10428| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
10429| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
10430| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
10431| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
10432| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
10433| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
10434| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
10435| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
10436| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
10437| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
10438| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
10439| [79791] Cisco Products Apache Commons Collections Library privilege escalation
10440| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
10441| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
10442| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
10443| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
10444| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
10445| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
10446| [78989] Apache Ambari up to 2.1.1 Open Redirect
10447| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
10448| [78987] Apache Ambari up to 2.0.x cross site scripting
10449| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
10450| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
10451| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
10452| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
10453| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
10454| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
10455| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
10456| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
10457| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
10458| [77406] Apache Flex BlazeDS AMF Message XML External Entity
10459| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
10460| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
10461| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
10462| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
10463| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
10464| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
10465| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
10466| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
10467| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
10468| [76567] Apache Struts 2.3.20 unknown vulnerability
10469| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
10470| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
10471| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
10472| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
10473| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
10474| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
10475| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
10476| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
10477| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
10478| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
10479| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
10480| [74793] Apache Tomcat File Upload denial of service
10481| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
10482| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
10483| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
10484| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
10485| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
10486| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
10487| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
10488| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
10489| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
10490| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
10491| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
10492| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
10493| [74468] Apache Batik up to 1.6 denial of service
10494| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
10495| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
10496| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
10497| [74174] Apache WSS4J up to 2.0.0 privilege escalation
10498| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
10499| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
10500| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
10501| [73731] Apache XML Security unknown vulnerability
10502| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
10503| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
10504| [73593] Apache Traffic Server up to 5.1.0 denial of service
10505| [73511] Apache POI up to 3.10 Deadlock denial of service
10506| [73510] Apache Solr up to 4.3.0 cross site scripting
10507| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
10508| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
10509| [73173] Apache CloudStack Stack-Based unknown vulnerability
10510| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
10511| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
10512| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
10513| [72890] Apache Qpid 0.30 unknown vulnerability
10514| [72887] Apache Hive 0.13.0 File Permission privilege escalation
10515| [72878] Apache Cordova 3.5.0 cross site request forgery
10516| [72877] Apache Cordova 3.5.0 cross site request forgery
10517| [72876] Apache Cordova 3.5.0 cross site request forgery
10518| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
10519| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
10520| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
10521| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
10522| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
10523| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
10524| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
10525| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
10526| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
10527| [71629] Apache Axis2/C spoofing
10528| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
10529| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
10530| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
10531| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
10532| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
10533| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
10534| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
10535| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
10536| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
10537| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
10538| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
10539| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
10540| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
10541| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
10542| [70809] Apache POI up to 3.11 Crash denial of service
10543| [70808] Apache POI up to 3.10 unknown vulnerability
10544| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
10545| [70749] Apache Axis up to 1.4 getCN spoofing
10546| [70701] Apache Traffic Server up to 3.3.5 denial of service
10547| [70700] Apache OFBiz up to 12.04.03 cross site scripting
10548| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
10549| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
10550| [70661] Apache Subversion up to 1.6.17 denial of service
10551| [70660] Apache Subversion up to 1.6.17 spoofing
10552| [70659] Apache Subversion up to 1.6.17 spoofing
10553| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
10554| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
10555| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
10556| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
10557| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
10558| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
10559| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
10560| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
10561| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
10562| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
10563| [69846] Apache HBase up to 0.94.8 information disclosure
10564| [69783] Apache CouchDB up to 1.2.0 memory corruption
10565| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
10566| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
10567| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
10568| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
10569| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
10570| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
10571| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
10572| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
10573| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
10574| [69431] Apache Archiva up to 1.3.6 cross site scripting
10575| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
10576| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
10577| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
10578| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
10579| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
10580| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
10581| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
10582| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
10583| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
10584| [66739] Apache Camel up to 2.12.2 unknown vulnerability
10585| [66738] Apache Camel up to 2.12.2 unknown vulnerability
10586| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
10587| [66695] Apache CouchDB up to 1.2.0 cross site scripting
10588| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
10589| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
10590| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
10591| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
10592| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
10593| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
10594| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
10595| [66356] Apache Wicket up to 6.8.0 information disclosure
10596| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
10597| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
10598| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10599| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
10600| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
10601| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10602| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
10603| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
10604| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
10605| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
10606| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
10607| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
10608| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
10609| [65668] Apache Solr 4.0.0 Updater denial of service
10610| [65665] Apache Solr up to 4.3.0 denial of service
10611| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
10612| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
10613| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
10614| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
10615| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
10616| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
10617| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
10618| [65410] Apache Struts 2.3.15.3 cross site scripting
10619| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
10620| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
10621| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
10622| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
10623| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
10624| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
10625| [65340] Apache Shindig 2.5.0 information disclosure
10626| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
10627| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
10628| [10826] Apache Struts 2 File privilege escalation
10629| [65204] Apache Camel up to 2.10.1 unknown vulnerability
10630| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
10631| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
10632| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
10633| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
10634| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
10635| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
10636| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
10637| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
10638| [64722] Apache XML Security for C++ Heap-based memory corruption
10639| [64719] Apache XML Security for C++ Heap-based memory corruption
10640| [64718] Apache XML Security for C++ verify denial of service
10641| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
10642| [64716] Apache XML Security for C++ spoofing
10643| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
10644| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
10645| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
10646| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
10647| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
10648| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
10649| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
10650| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
10651| [64485] Apache Struts up to 2.2.3.0 privilege escalation
10652| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
10653| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
10654| [64467] Apache Geronimo 3.0 memory corruption
10655| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
10656| [64457] Apache Struts up to 2.2.3.0 cross site scripting
10657| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
10658| [9184] Apache Qpid up to 0.20 SSL misconfiguration
10659| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
10660| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
10661| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
10662| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
10663| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
10664| [8873] Apache Struts 2.3.14 privilege escalation
10665| [8872] Apache Struts 2.3.14 privilege escalation
10666| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
10667| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
10668| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
10669| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
10670| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
10671| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10672| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10673| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
10674| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
10675| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
10676| [64006] Apache ActiveMQ up to 5.7.0 denial of service
10677| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
10678| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
10679| [8427] Apache Tomcat Session Transaction weak authentication
10680| [63960] Apache Maven 3.0.4 Default Configuration spoofing
10681| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
10682| [63750] Apache qpid up to 0.20 checkAvailable denial of service
10683| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
10684| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
10685| [63747] Apache Rave up to 0.20 User Account information disclosure
10686| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
10687| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
10688| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
10689| [7687] Apache CXF up to 2.7.2 Token weak authentication
10690| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10691| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10692| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
10693| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
10694| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
10695| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
10696| [63090] Apache Tomcat up to 4.1.24 denial of service
10697| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
10698| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
10699| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
10700| [62833] Apache CXF -/2.6.0 spoofing
10701| [62832] Apache Axis2 up to 1.6.2 spoofing
10702| [62831] Apache Axis up to 1.4 Java Message Service spoofing
10703| [62830] Apache Commons-httpclient 3.0 Payments spoofing
10704| [62826] Apache Libcloud up to 0.11.0 spoofing
10705| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
10706| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
10707| [62661] Apache Axis2 unknown vulnerability
10708| [62658] Apache Axis2 unknown vulnerability
10709| [62467] Apache Qpid up to 0.17 denial of service
10710| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
10711| [6301] Apache HTTP Server mod_pagespeed cross site scripting
10712| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
10713| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
10714| [62035] Apache Struts up to 2.3.4 denial of service
10715| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
10716| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
10717| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
10718| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
10719| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
10720| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
10721| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
10722| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
10723| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
10724| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
10725| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
10726| [61229] Apache Sling up to 2.1.1 denial of service
10727| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
10728| [61094] Apache Roller up to 5.0 cross site scripting
10729| [61093] Apache Roller up to 5.0 cross site request forgery
10730| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
10731| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
10732| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
10733| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
10734| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
10735| [60708] Apache Qpid 0.12 unknown vulnerability
10736| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
10737| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
10738| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
10739| [4882] Apache Wicket up to 1.5.4 directory traversal
10740| [4881] Apache Wicket up to 1.4.19 cross site scripting
10741| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
10742| [60352] Apache Struts up to 2.2.3 memory corruption
10743| [60153] Apache Portable Runtime up to 1.4.3 denial of service
10744| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
10745| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
10746| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
10747| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
10748| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
10749| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
10750| [4571] Apache Struts up to 2.3.1.2 privilege escalation
10751| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
10752| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
10753| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
10754| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
10755| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
10756| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
10757| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10758| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
10759| [59888] Apache Tomcat up to 6.0.6 denial of service
10760| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
10761| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
10762| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
10763| [59850] Apache Geronimo up to 2.2.1 denial of service
10764| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
10765| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
10766| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10767| [58413] Apache Tomcat up to 6.0.10 spoofing
10768| [58381] Apache Wicket up to 1.4.17 cross site scripting
10769| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10770| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10771| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10772| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10773| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10774| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10775| [57568] Apache Archiva up to 1.3.4 cross site scripting
10776| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10777| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10778| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10779| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10780| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10781| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10782| [57025] Apache Tomcat up to 7.0.11 information disclosure
10783| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10784| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10785| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10786| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10787| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10788| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10789| [56512] Apache Continuum up to 1.4.0 cross site scripting
10790| [4285] Apache Tomcat 5.x JVM getLocale denial of service
10791| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
10792| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10793| [56441] Apache Tomcat up to 7.0.6 denial of service
10794| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10795| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10796| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10797| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10798| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10799| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10800| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10801| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10802| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10803| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10804| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10805| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10806| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10807| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10808| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10809| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10810| [54012] Apache Tomcat up to 6.0.10 denial of service
10811| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10812| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10813| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10814| [52894] Apache Tomcat up to 6.0.7 information disclosure
10815| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10816| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10817| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10818| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10819| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10820| [52584] Apache CouchDB up to 0.10.1 information disclosure
10821| [51757] Apache HTTP Server 2.0.44 cross site scripting
10822| [51756] Apache HTTP Server 2.0.44 spoofing
10823| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10824| [51690] Apache Tomcat up to 6.0 directory traversal
10825| [51689] Apache Tomcat up to 6.0 information disclosure
10826| [51688] Apache Tomcat up to 6.0 directory traversal
10827| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10828| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10829| [50626] Apache Solr 1.0.0 cross site scripting
10830| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10831| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10832| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10833| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10834| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10835| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10836| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10837| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10838| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10839| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10840| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10841| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10842| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10843| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10844| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10845| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10846| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10847| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10848| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10849| [47214] Apachefriends xampp 1.6.8 spoofing
10850| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10851| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10852| [47065] Apache Tomcat 4.1.23 cross site scripting
10853| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10854| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10855| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10856| [86625] Apache Struts directory traversal
10857| [44461] Apache Tomcat up to 5.5.0 information disclosure
10858| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10859| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10860| [43663] Apache Tomcat up to 6.0.16 directory traversal
10861| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10862| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10863| [43516] Apache Tomcat up to 4.1.20 directory traversal
10864| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10865| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10866| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10867| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10868| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10869| [40924] Apache Tomcat up to 6.0.15 information disclosure
10870| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10871| [40922] Apache Tomcat up to 6.0 information disclosure
10872| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10873| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10874| [40656] Apache Tomcat 5.5.20 information disclosure
10875| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10876| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10877| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10878| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10879| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10880| [40234] Apache Tomcat up to 6.0.15 directory traversal
10881| [40221] Apache HTTP Server 2.2.6 information disclosure
10882| [40027] David Castro Apache Authcas 0.4 sql injection
10883| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10884| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10885| [3414] Apache Tomcat WebDAV Stored privilege escalation
10886| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10887| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10888| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10889| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10890| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10891| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10892| [38524] Apache Geronimo 2.0 unknown vulnerability
10893| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10894| [38331] Apache Tomcat 4.1.24 information disclosure
10895| [38330] Apache Tomcat 4.1.24 information disclosure
10896| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10897| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10898| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10899| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10900| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10901| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10902| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10903| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10904| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10905| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10906| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10907| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10908| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10909| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10910| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10911| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10912| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10913| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10914| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10915| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10916| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10917| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10918| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10919| [34252] Apache HTTP Server denial of service
10920| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10921| [33877] Apache Opentaps 0.9.3 cross site scripting
10922| [33876] Apache Open For Business Project unknown vulnerability
10923| [33875] Apache Open For Business Project cross site scripting
10924| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
10925| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
10926|
10927| MITRE CVE - https://cve.mitre.org:
10928| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
10929| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
10930| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
10931| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
10932| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
10933| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
10934| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
10935| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
10936| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
10937| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
10938| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
10939| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
10940| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
10941| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
10942| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
10943| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
10944| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
10945| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
10946| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
10947| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
10948| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
10949| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
10950| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
10951| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
10952| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
10953| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
10954| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
10955| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
10956| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
10957| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
10958| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10959| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
10960| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
10961| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
10962| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
10963| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
10964| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
10965| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
10966| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
10967| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
10968| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
10969| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10970| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10971| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10972| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10973| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
10974| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
10975| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
10976| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
10977| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
10978| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
10979| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
10980| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
10981| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
10982| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
10983| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
10984| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
10985| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
10986| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
10987| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
10988| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
10989| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
10990| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
10991| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
10992| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10993| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
10994| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
10995| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
10996| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
10997| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
10998| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
10999| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
11000| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
11001| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
11002| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
11003| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
11004| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
11005| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
11006| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
11007| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
11008| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
11009| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
11010| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
11011| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
11012| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
11013| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
11014| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
11015| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
11016| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
11017| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
11018| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
11019| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
11020| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
11021| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
11022| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
11023| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
11024| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
11025| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
11026| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
11027| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
11028| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
11029| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
11030| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
11031| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
11032| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
11033| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
11034| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
11035| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
11036| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
11037| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
11038| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
11039| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
11040| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
11041| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
11042| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
11043| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
11044| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
11045| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
11046| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
11047| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
11048| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
11049| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
11152| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
11153| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
11154| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
11155| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
11156| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
11157| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
11158| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
11159| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
11160| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
11161| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
11162| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
11163| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
11164| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
11165| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
11166| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
11167| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
11168| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
11169| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
11170| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
11171| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
11172| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
11173| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
11174| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
11175| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
11176| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
11177| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
11178| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
11179| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
11180| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
11181| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
11182| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
11183| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
11184| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
11185| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
11186| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
11187| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
11188| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
11189| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
11190| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
11191| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
11192| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
11193| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
11194| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
11195| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
11196| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
11197| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11198| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
11199| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
11200| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
11201| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
11202| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
11203| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
11204| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
11205| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
11206| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
11207| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
11208| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
11209| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
11210| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
11211| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
11212| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
11213| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
11214| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
11215| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
11216| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
11217| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
11218| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
11219| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
11220| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
11221| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11222| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11223| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
11224| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
11225| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
11226| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
11227| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
11228| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
11229| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
11230| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
11231| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
11232| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
11233| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11234| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11235| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
11236| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
11237| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
11238| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11239| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
11240| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
11241| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
11242| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
11243| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
11244| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
11245| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
11246| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
11247| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11248| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
11249| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
11250| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
11251| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
11252| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
11253| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
11254| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
11255| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
11256| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
11257| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
11258| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
11259| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
11260| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
11261| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
11262| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
11263| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
11264| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
11265| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
11266| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
11267| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
11268| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
11269| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
11270| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
11271| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
11272| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
11273| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
11274| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
11275| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11276| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11277| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
11278| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
11279| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
11280| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11281| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
11282| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
11283| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
11284| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
11285| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
11286| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
11287| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
11288| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
11289| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
11290| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
11291| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
11292| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
11293| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
11294| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11295| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11296| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
11297| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
11298| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
11299| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
11300| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
11301| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
11302| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
11303| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11304| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
11305| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11306| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
11307| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
11308| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
11309| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11310| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
11311| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11312| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
11313| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
11314| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11315| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
11316| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
11317| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
11318| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
11319| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
11320| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
11321| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
11322| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
11323| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11324| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
11325| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
11326| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
11327| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
11328| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
11329| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
11330| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
11331| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
11332| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
11333| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
11334| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
11335| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
11336| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
11337| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
11338| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
11339| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
11451| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
11452| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
11453| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
11454| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
11455| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
11456| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
11457| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
11458| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
11459| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
11460| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
11461| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
11462| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11463| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
11464| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
11465| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
11466| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
11467| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
11468| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
11469| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
11470| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
11471| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
11472| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
11473| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
11474| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
11475| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
11476| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
11477| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
11478| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
11479| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
11480| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
11481| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
11482| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
11483| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11484| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11485| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11486| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11487| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11488| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11489| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11490| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
11491| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11492| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11493| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11494| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11495| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11496| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11497| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11498| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11499| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11500| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11501| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11502| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11503| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11504| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11505| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11506| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
11507| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11508| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11509| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11510| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11511| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11512| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
11513| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11514| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11515| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11516| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11517| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11518| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11519| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11520| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11521| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11522| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11523| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11524| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11525| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11526| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11527| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11528| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11529| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11530| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11531| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11532| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11533| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11534| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11535| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11536| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11537|
11538| SecurityFocus - https://www.securityfocus.com/bid/:
11539| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11540| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11541| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11542| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11543| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11544| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11545| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11546| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11547| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11548| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11549| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11550| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11551| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11552| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11553| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11554| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11555| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11556| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11557| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11558| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
11559| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
11560| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
11561| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
11562| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
11563| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
11564| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
11565| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
11566| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
11567| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
11568| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
11569| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
11570| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
11571| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
11572| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
11573| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
11574| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
11575| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
11576| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
11577| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
11578| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
11579| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
11580| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
11581| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
11582| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
11583| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
11584| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
11585| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
11586| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
11587| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
11588| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
11589| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
11590| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
11591| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
11592| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
11593| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
11594| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
11595| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
11596| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
11597| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
11598| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
11599| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
11600| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
11601| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
11602| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
11603| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
11604| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
11605| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
11606| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
11607| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
11608| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
11609| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
11610| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
11611| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
11612| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
11613| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
11614| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
11615| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
11616| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
11617| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
11618| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
11619| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
11620| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
11621| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
11622| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
11623| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
11624| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
11625| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
11626| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
11627| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
11628| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
11629| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
11630| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
11631| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
11632| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
11633| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
11634| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
11635| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
11636| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
11637| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
11638| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
11639| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
11640| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
11641| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
11642| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
11643| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
11644| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
11645| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
11646| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
11647| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
11648| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
11649| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
11650| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
11651| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
11652| [100447] Apache2Triad Multiple Security Vulnerabilities
11653| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
11654| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
11655| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
11656| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
11657| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
11658| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
11659| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
11660| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
11661| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
11662| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
11663| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
11664| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
11665| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
11666| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
11667| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
11668| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
11669| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
11670| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
11671| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
11672| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
11673| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
11674| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
11675| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
11676| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
11677| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
11678| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
11679| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
11680| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
11681| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
11682| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
11683| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
11684| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
11685| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
11686| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
11687| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
11688| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
11689| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
11690| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
11691| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
11692| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
11693| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
11694| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
11695| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
11696| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
11697| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
11698| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
11699| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
11700| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
11701| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
11702| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
11703| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
11704| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
11705| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
11706| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
11707| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
11708| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
11709| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
11710| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
11711| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
11712| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
11713| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
11714| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
11715| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
11716| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
11717| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
11718| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
11719| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
11720| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
11721| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
11722| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
11723| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
11724| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
11725| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
11726| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
11727| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
11728| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
11729| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
11730| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
11731| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
11732| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
11733| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
11734| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
11735| [95675] Apache Struts Remote Code Execution Vulnerability
11736| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
11737| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
11738| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
11739| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
11740| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
11741| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
11742| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
11743| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
11744| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
11745| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
11746| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
11747| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
11748| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
11749| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
11750| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
11751| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
11752| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
11753| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
11754| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
11755| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
11756| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
11757| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
11758| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
11759| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
11760| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
11761| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
11762| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
11763| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
11764| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
11765| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
11766| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
11767| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
11768| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
11769| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
11770| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
11771| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
11772| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
11773| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
11774| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
11775| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
11776| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
11777| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
11778| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
11779| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
11780| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
11781| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
11782| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
11783| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
11784| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
11785| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
11786| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
11787| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
11788| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
11789| [91736] Apache XML-RPC Multiple Security Vulnerabilities
11790| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
11791| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
11792| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
11793| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
11794| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
11795| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
11796| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
11797| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
11798| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
11799| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
11800| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
11801| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
11802| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
11803| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
11804| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
11805| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
11806| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
11807| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
11808| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
11809| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
11810| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
11811| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
11812| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
11813| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
11814| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
11815| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
11816| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
11817| [90482] Apache CVE-2004-1387 Local Security Vulnerability
11818| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
11819| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
11820| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
11821| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
11822| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
11823| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
11824| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
11825| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
11826| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
11827| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
11828| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
11829| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
11830| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
11831| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
11832| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
11833| [86399] Apache CVE-2007-1743 Local Security Vulnerability
11834| [86397] Apache CVE-2007-1742 Local Security Vulnerability
11835| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
11836| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
11837| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
11838| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
11839| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
11840| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
11841| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
11842| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
11843| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
11844| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
11845| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
11846| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
11847| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
11848| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
11849| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
11850| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
11851| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
11852| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
11853| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
11854| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
11855| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
11856| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
11857| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
11858| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
11859| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
11860| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
11861| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
11862| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
11863| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
11864| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
11865| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
11866| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
11867| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
11868| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
11869| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
11870| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
11871| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
11872| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
11873| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
11874| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
11875| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
11876| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
11877| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
11878| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
11879| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
11880| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
11881| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
11882| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
11883| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
11884| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
11885| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
11886| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
11887| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
11888| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
11889| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
11890| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
11891| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
11892| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
11893| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
11894| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
11895| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
11896| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
11897| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
11898| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
11899| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
11900| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
11901| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
11902| [76933] Apache James Server Unspecified Command Execution Vulnerability
11903| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
11904| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
11905| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
11906| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
11907| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
11908| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
11909| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
11910| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
11911| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
11912| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
11913| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
11914| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
11915| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
11916| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
11917| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
11918| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
11919| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
11920| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
11921| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
11922| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
11923| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
11924| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
11925| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
11926| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
11927| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
11928| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
11929| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
11930| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
11931| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
11932| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
11933| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
11934| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
11935| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
11936| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
11937| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
11938| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
11939| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
11940| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
11941| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
11942| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
11943| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
11944| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
11945| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
11946| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
11947| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
11948| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
11949| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
11950| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
11951| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
11952| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
11953| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
11954| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
11955| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
11956| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
11957| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
11958| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
11959| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
11960| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
11961| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
11962| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
11963| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
11964| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
11965| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
11966| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
11967| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
11968| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
11969| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
11970| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
11971| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
11972| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
11973| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
11974| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
11975| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
11976| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
11977| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
11978| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
11979| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
11980| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
11981| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
11982| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
11983| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
11984| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
11985| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
11986| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
11987| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
11988| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
11989| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
11990| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
11991| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
11992| [68229] Apache Harmony PRNG Entropy Weakness
11993| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
11994| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
11995| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
11996| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
11997| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
11998| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
11999| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
12000| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
12001| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
12002| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
12003| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
12404| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
12405| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
12406| [9733] Apache Cygwin Directory Traversal Vulnerability
12407| [9599] Apache mod_php Global Variables Information Disclosure Weakness
12408| [9590] Apache-SSL Client Certificate Forging Vulnerability
12409| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
12410| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
12411| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
12412| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
12413| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
12414| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
12415| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
12416| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
12417| [8898] Red Hat Apache Directory Index Default Configuration Error
12418| [8883] Apache Cocoon Directory Traversal Vulnerability
12419| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
12420| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
12421| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
12422| [8707] Apache htpasswd Password Entropy Weakness
12423| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
12424| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
12425| [8226] Apache HTTP Server Multiple Vulnerabilities
12426| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
12427| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
12428| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
12429| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
12430| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
12431| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
12432| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
12433| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
12434| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
12435| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
12436| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
12437| [7255] Apache Web Server File Descriptor Leakage Vulnerability
12438| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12439| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
12440| [6939] Apache Web Server ETag Header Information Disclosure Weakness
12441| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
12442| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
12443| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
12444| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
12445| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
12446| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
12447| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
12448| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
12449| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
12450| [6117] Apache mod_php File Descriptor Leakage Vulnerability
12451| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
12452| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
12453| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
12454| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
12455| [5992] Apache HTDigest Insecure Temporary File Vulnerability
12456| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
12457| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
12458| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
12459| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
12460| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
12461| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
12462| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
12463| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
12464| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
12465| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
12466| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
12467| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
12468| [5485] Apache 2.0 Path Disclosure Vulnerability
12469| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
12470| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
12471| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
12472| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
12473| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
12474| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
12475| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
12476| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
12477| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
12478| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
12479| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
12480| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
12481| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
12482| [4437] Apache Error Message Cross-Site Scripting Vulnerability
12483| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
12484| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
12485| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
12486| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
12487| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
12488| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
12489| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
12490| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
12491| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
12492| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
12493| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
12494| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
12495| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
12496| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
12497| [3596] Apache Split-Logfile File Append Vulnerability
12498| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
12499| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
12500| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
12501| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
12502| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
12503| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
12504| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
12505| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
12506| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
12507| [3169] Apache Server Address Disclosure Vulnerability
12508| [3009] Apache Possible Directory Index Disclosure Vulnerability
12509| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
12510| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
12511| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
12512| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
12513| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
12514| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
12515| [2216] Apache Web Server DoS Vulnerability
12516| [2182] Apache /tmp File Race Vulnerability
12517| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
12518| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
12519| [1821] Apache mod_cookies Buffer Overflow Vulnerability
12520| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
12521| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
12522| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
12523| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
12524| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
12525| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
12526| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
12527| [1457] Apache::ASP source.asp Example Script Vulnerability
12528| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
12529| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
12530|
12531| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12532| [86258] Apache CloudStack text fields cross-site scripting
12533| [85983] Apache Subversion mod_dav_svn module denial of service
12534| [85875] Apache OFBiz UEL code execution
12535| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
12536| [85871] Apache HTTP Server mod_session_dbd unspecified
12537| [85756] Apache Struts OGNL expression command execution
12538| [85755] Apache Struts DefaultActionMapper class open redirect
12539| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
12540| [85574] Apache HTTP Server mod_dav denial of service
12541| [85573] Apache Struts Showcase App OGNL code execution
12542| [85496] Apache CXF denial of service
12543| [85423] Apache Geronimo RMI classloader code execution
12544| [85326] Apache Santuario XML Security for C++ buffer overflow
12545| [85323] Apache Santuario XML Security for Java spoofing
12546| [85319] Apache Qpid Python client SSL spoofing
12547| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
12548| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
12549| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
12550| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
12551| [84952] Apache Tomcat CVE-2012-3544 denial of service
12552| [84763] Apache Struts CVE-2013-2135 security bypass
12553| [84762] Apache Struts CVE-2013-2134 security bypass
12554| [84719] Apache Subversion CVE-2013-2088 command execution
12555| [84718] Apache Subversion CVE-2013-2112 denial of service
12556| [84717] Apache Subversion CVE-2013-1968 denial of service
12557| [84577] Apache Tomcat security bypass
12558| [84576] Apache Tomcat symlink
12559| [84543] Apache Struts CVE-2013-2115 security bypass
12560| [84542] Apache Struts CVE-2013-1966 security bypass
12561| [84154] Apache Tomcat session hijacking
12562| [84144] Apache Tomcat denial of service
12563| [84143] Apache Tomcat information disclosure
12564| [84111] Apache HTTP Server command execution
12565| [84043] Apache Virtual Computing Lab cross-site scripting
12566| [84042] Apache Virtual Computing Lab cross-site scripting
12567| [83782] Apache CloudStack information disclosure
12568| [83781] Apache CloudStack security bypass
12569| [83720] Apache ActiveMQ cross-site scripting
12570| [83719] Apache ActiveMQ denial of service
12571| [83718] Apache ActiveMQ denial of service
12572| [83263] Apache Subversion denial of service
12573| [83262] Apache Subversion denial of service
12574| [83261] Apache Subversion denial of service
12575| [83259] Apache Subversion denial of service
12576| [83035] Apache mod_ruid2 security bypass
12577| [82852] Apache Qpid federation_tag security bypass
12578| [82851] Apache Qpid qpid::framing::Buffer denial of service
12579| [82758] Apache Rave User RPC API information disclosure
12580| [82663] Apache Subversion svn_fs_file_length() denial of service
12581| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
12582| [82641] Apache Qpid AMQP denial of service
12583| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
12584| [82618] Apache Commons FileUpload symlink
12585| [82360] Apache HTTP Server manager interface cross-site scripting
12586| [82359] Apache HTTP Server hostnames cross-site scripting
12587| [82338] Apache Tomcat log/logdir information disclosure
12588| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
12589| [82268] Apache OpenJPA deserialization command execution
12590| [81981] Apache CXF UsernameTokens security bypass
12591| [81980] Apache CXF WS-Security security bypass
12592| [81398] Apache OFBiz cross-site scripting
12593| [81240] Apache CouchDB directory traversal
12594| [81226] Apache CouchDB JSONP code execution
12595| [81225] Apache CouchDB Futon user interface cross-site scripting
12596| [81211] Apache Axis2/C SSL spoofing
12597| [81167] Apache CloudStack DeployVM information disclosure
12598| [81166] Apache CloudStack AddHost API information disclosure
12599| [81165] Apache CloudStack createSSHKeyPair API information disclosure
12600| [80518] Apache Tomcat cross-site request forgery security bypass
12601| [80517] Apache Tomcat FormAuthenticator security bypass
12602| [80516] Apache Tomcat NIO denial of service
12603| [80408] Apache Tomcat replay-countermeasure security bypass
12604| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
12605| [80317] Apache Tomcat slowloris denial of service
12606| [79984] Apache Commons HttpClient SSL spoofing
12607| [79983] Apache CXF SSL spoofing
12608| [79830] Apache Axis2/Java SSL spoofing
12609| [79829] Apache Axis SSL spoofing
12610| [79809] Apache Tomcat DIGEST security bypass
12611| [79806] Apache Tomcat parseHeaders() denial of service
12612| [79540] Apache OFBiz unspecified
12613| [79487] Apache Axis2 SAML security bypass
12614| [79212] Apache Cloudstack code execution
12615| [78734] Apache CXF SOAP Action security bypass
12616| [78730] Apache Qpid broker denial of service
12617| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
12618| [78563] Apache mod_pagespeed module unspecified cross-site scripting
12619| [78562] Apache mod_pagespeed module security bypass
12620| [78454] Apache Axis2 security bypass
12621| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
12622| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
12623| [78321] Apache Wicket unspecified cross-site scripting
12624| [78183] Apache Struts parameters denial of service
12625| [78182] Apache Struts cross-site request forgery
12626| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
12627| [77987] mod_rpaf module for Apache denial of service
12628| [77958] Apache Struts skill name code execution
12629| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
12630| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
12631| [77568] Apache Qpid broker security bypass
12632| [77421] Apache Libcloud spoofing
12633| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
12634| [77046] Oracle Solaris Apache HTTP Server information disclosure
12635| [76837] Apache Hadoop information disclosure
12636| [76802] Apache Sling CopyFrom denial of service
12637| [76692] Apache Hadoop symlink
12638| [76535] Apache Roller console cross-site request forgery
12639| [76534] Apache Roller weblog cross-site scripting
12640| [76152] Apache CXF elements security bypass
12641| [76151] Apache CXF child policies security bypass
12642| [75983] MapServer for Windows Apache file include
12643| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
12644| [75558] Apache POI denial of service
12645| [75545] PHP apache_request_headers() buffer overflow
12646| [75302] Apache Qpid SASL security bypass
12647| [75211] Debian GNU/Linux apache 2 cross-site scripting
12648| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
12649| [74871] Apache OFBiz FlexibleStringExpander code execution
12650| [74870] Apache OFBiz multiple cross-site scripting
12651| [74750] Apache Hadoop unspecified spoofing
12652| [74319] Apache Struts XSLTResult.java file upload
12653| [74313] Apache Traffic Server header buffer overflow
12654| [74276] Apache Wicket directory traversal
12655| [74273] Apache Wicket unspecified cross-site scripting
12656| [74181] Apache HTTP Server mod_fcgid module denial of service
12657| [73690] Apache Struts OGNL code execution
12658| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
12659| [73100] Apache MyFaces in directory traversal
12660| [73096] Apache APR hash denial of service
12661| [73052] Apache Struts name cross-site scripting
12662| [73030] Apache CXF UsernameToken security bypass
12663| [72888] Apache Struts lastName cross-site scripting
12664| [72758] Apache HTTP Server httpOnly information disclosure
12665| [72757] Apache HTTP Server MPM denial of service
12666| [72585] Apache Struts ParameterInterceptor security bypass
12667| [72438] Apache Tomcat Digest security bypass
12668| [72437] Apache Tomcat Digest security bypass
12669| [72436] Apache Tomcat DIGEST security bypass
12670| [72425] Apache Tomcat parameter denial of service
12671| [72422] Apache Tomcat request object information disclosure
12672| [72377] Apache HTTP Server scoreboard security bypass
12673| [72345] Apache HTTP Server HTTP request denial of service
12674| [72229] Apache Struts ExceptionDelegator command execution
12675| [72089] Apache Struts ParameterInterceptor directory traversal
12676| [72088] Apache Struts CookieInterceptor command execution
12677| [72047] Apache Geronimo hash denial of service
12678| [72016] Apache Tomcat hash denial of service
12679| [71711] Apache Struts OGNL expression code execution
12680| [71654] Apache Struts interfaces security bypass
12681| [71620] Apache ActiveMQ failover denial of service
12682| [71617] Apache HTTP Server mod_proxy module information disclosure
12683| [71508] Apache MyFaces EL security bypass
12684| [71445] Apache HTTP Server mod_proxy security bypass
12685| [71203] Apache Tomcat servlets privilege escalation
12686| [71181] Apache HTTP Server ap_pregsub() denial of service
12687| [71093] Apache HTTP Server ap_pregsub() buffer overflow
12688| [70336] Apache HTTP Server mod_proxy information disclosure
12689| [69804] Apache HTTP Server mod_proxy_ajp denial of service
12690| [69472] Apache Tomcat AJP security bypass
12691| [69396] Apache HTTP Server ByteRange filter denial of service
12692| [69394] Apache Wicket multi window support cross-site scripting
12693| [69176] Apache Tomcat XML information disclosure
12694| [69161] Apache Tomcat jsvc information disclosure
12695| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
12696| [68541] Apache Tomcat sendfile information disclosure
12697| [68420] Apache XML Security denial of service
12698| [68238] Apache Tomcat JMX information disclosure
12699| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
12700| [67804] Apache Subversion control rules information disclosure
12701| [67803] Apache Subversion control rules denial of service
12702| [67802] Apache Subversion baselined denial of service
12703| [67672] Apache Archiva multiple cross-site scripting
12704| [67671] Apache Archiva multiple cross-site request forgery
12705| [67564] Apache APR apr_fnmatch() denial of service
12706| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
12707| [67515] Apache Tomcat annotations security bypass
12708| [67480] Apache Struts s:submit information disclosure
12709| [67414] Apache APR apr_fnmatch() denial of service
12710| [67356] Apache Struts javatemplates cross-site scripting
12711| [67354] Apache Struts Xwork cross-site scripting
12712| [66676] Apache Tomcat HTTP BIO information disclosure
12713| [66675] Apache Tomcat web.xml security bypass
12714| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
12715| [66241] Apache HttpComponents information disclosure
12716| [66154] Apache Tomcat ServletSecurity security bypass
12717| [65971] Apache Tomcat ServletSecurity security bypass
12718| [65876] Apache Subversion mod_dav_svn denial of service
12719| [65343] Apache Continuum unspecified cross-site scripting
12720| [65162] Apache Tomcat NIO connector denial of service
12721| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
12722| [65160] Apache Tomcat HTML Manager interface cross-site scripting
12723| [65159] Apache Tomcat ServletContect security bypass
12724| [65050] Apache CouchDB web-based administration UI cross-site scripting
12725| [64773] Oracle HTTP Server Apache Plugin unauthorized access
12726| [64473] Apache Subversion blame -g denial of service
12727| [64472] Apache Subversion walk() denial of service
12728| [64407] Apache Axis2 CVE-2010-0219 code execution
12729| [63926] Apache Archiva password privilege escalation
12730| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
12731| [63493] Apache Archiva credentials cross-site request forgery
12732| [63477] Apache Tomcat HttpOnly session hijacking
12733| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
12734| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
12735| [62959] Apache Shiro filters security bypass
12736| [62790] Apache Perl cgi module denial of service
12737| [62576] Apache Qpid exchange denial of service
12738| [62575] Apache Qpid AMQP denial of service
12739| [62354] Apache Qpid SSL denial of service
12740| [62235] Apache APR-util apr_brigade_split_line() denial of service
12741| [62181] Apache XML-RPC SAX Parser information disclosure
12742| [61721] Apache Traffic Server cache poisoning
12743| [61202] Apache Derby BUILTIN authentication functionality information disclosure
12744| [61186] Apache CouchDB Futon cross-site request forgery
12745| [61169] Apache CXF DTD denial of service
12746| [61070] Apache Jackrabbit search.jsp SQL injection
12747| [61006] Apache SLMS Quoting cross-site request forgery
12748| [60962] Apache Tomcat time cross-site scripting
12749| [60883] Apache mod_proxy_http information disclosure
12750| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
12751| [60264] Apache Tomcat Transfer-Encoding denial of service
12752| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
12753| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
12754| [59413] Apache mod_proxy_http timeout information disclosure
12755| [59058] Apache MyFaces unencrypted view state cross-site scripting
12756| [58827] Apache Axis2 xsd file include
12757| [58790] Apache Axis2 modules cross-site scripting
12758| [58299] Apache ActiveMQ queueBrowse cross-site scripting
12759| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
12760| [58056] Apache ActiveMQ .jsp source code disclosure
12761| [58055] Apache Tomcat realm name information disclosure
12762| [58046] Apache HTTP Server mod_auth_shadow security bypass
12763| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
12764| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
12765| [57429] Apache CouchDB algorithms information disclosure
12766| [57398] Apache ActiveMQ Web console cross-site request forgery
12767| [57397] Apache ActiveMQ createDestination.action cross-site scripting
12768| [56653] Apache HTTP Server DNS spoofing
12769| [56652] Apache HTTP Server DNS cross-site scripting
12770| [56625] Apache HTTP Server request header information disclosure
12771| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
12772| [56623] Apache HTTP Server mod_proxy_ajp denial of service
12773| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
12774| [55857] Apache Tomcat WAR files directory traversal
12775| [55856] Apache Tomcat autoDeploy attribute security bypass
12776| [55855] Apache Tomcat WAR directory traversal
12777| [55210] Intuit component for Joomla! Apache information disclosure
12778| [54533] Apache Tomcat 404 error page cross-site scripting
12779| [54182] Apache Tomcat admin default password
12780| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
12781| [53666] Apache HTTP Server Solaris pollset support denial of service
12782| [53650] Apache HTTP Server HTTP basic-auth module security bypass
12783| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
12784| [53041] mod_proxy_ftp module for Apache denial of service
12785| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
12786| [51953] Apache Tomcat Path Disclosure
12787| [51952] Apache Tomcat Path Traversal
12788| [51951] Apache stronghold-status Information Disclosure
12789| [51950] Apache stronghold-info Information Disclosure
12790| [51949] Apache PHP Source Code Disclosure
12791| [51948] Apache Multiviews Attack
12792| [51946] Apache JServ Environment Status Information Disclosure
12793| [51945] Apache error_log Information Disclosure
12794| [51944] Apache Default Installation Page Pattern Found
12795| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
12796| [51942] Apache AXIS XML External Entity File Retrieval
12797| [51941] Apache AXIS Sample Servlet Information Leak
12798| [51940] Apache access_log Information Disclosure
12799| [51626] Apache mod_deflate denial of service
12800| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
12801| [51365] Apache Tomcat RequestDispatcher security bypass
12802| [51273] Apache HTTP Server Incomplete Request denial of service
12803| [51195] Apache Tomcat XML information disclosure
12804| [50994] Apache APR-util xml/apr_xml.c denial of service
12805| [50993] Apache APR-util apr_brigade_vprintf denial of service
12806| [50964] Apache APR-util apr_strmatch_precompile() denial of service
12807| [50930] Apache Tomcat j_security_check information disclosure
12808| [50928] Apache Tomcat AJP denial of service
12809| [50884] Apache HTTP Server XML ENTITY denial of service
12810| [50808] Apache HTTP Server AllowOverride privilege escalation
12811| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
12812| [50059] Apache mod_proxy_ajp information disclosure
12813| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
12814| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
12815| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
12816| [49921] Apache ActiveMQ Web interface cross-site scripting
12817| [49898] Apache Geronimo Services/Repository directory traversal
12818| [49725] Apache Tomcat mod_jk module information disclosure
12819| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
12820| [49712] Apache Struts unspecified cross-site scripting
12821| [49213] Apache Tomcat cal2.jsp cross-site scripting
12822| [48934] Apache Tomcat POST doRead method information disclosure
12823| [48211] Apache Tomcat header HTTP request smuggling
12824| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
12825| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
12826| [47709] Apache Roller "
12827| [47104] Novell Netware ApacheAdmin console security bypass
12828| [47086] Apache HTTP Server OS fingerprinting unspecified
12829| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
12830| [45791] Apache Tomcat RemoteFilterValve security bypass
12831| [44435] Oracle WebLogic Apache Connector buffer overflow
12832| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
12833| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
12834| [44156] Apache Tomcat RequestDispatcher directory traversal
12835| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
12836| [43885] Oracle WebLogic Server Apache Connector buffer overflow
12837| [42987] Apache HTTP Server mod_proxy module denial of service
12838| [42915] Apache Tomcat JSP files path disclosure
12839| [42914] Apache Tomcat MS-DOS path disclosure
12840| [42892] Apache Tomcat unspecified unauthorized access
12841| [42816] Apache Tomcat Host Manager cross-site scripting
12842| [42303] Apache 403 error cross-site scripting
12843| [41618] Apache-SSL ExpandCert() authentication bypass
12844| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
12845| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
12846| [40614] Apache mod_jk2 HTTP Host header buffer overflow
12847| [40562] Apache Geronimo init information disclosure
12848| [40478] Novell Web Manager webadmin-apache.conf security bypass
12849| [40411] Apache Tomcat exception handling information disclosure
12850| [40409] Apache Tomcat native (APR based) connector weak security
12851| [40403] Apache Tomcat quotes and %5C cookie information disclosure
12852| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
12853| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
12854| [39867] Apache HTTP Server mod_negotiation cross-site scripting
12855| [39804] Apache Tomcat SingleSignOn information disclosure
12856| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
12857| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
12858| [39608] Apache HTTP Server balancer manager cross-site request forgery
12859| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
12860| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
12861| [39472] Apache HTTP Server mod_status cross-site scripting
12862| [39201] Apache Tomcat JULI logging weak security
12863| [39158] Apache HTTP Server Windows SMB shares information disclosure
12864| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
12865| [38951] Apache::AuthCAS Perl module cookie SQL injection
12866| [38800] Apache HTTP Server 413 error page cross-site scripting
12867| [38211] Apache Geronimo SQLLoginModule authentication bypass
12868| [37243] Apache Tomcat WebDAV directory traversal
12869| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
12870| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
12871| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
12872| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
12873| [36782] Apache Geronimo MEJB unauthorized access
12874| [36586] Apache HTTP Server UTF-7 cross-site scripting
12875| [36468] Apache Geronimo LoginModule security bypass
12876| [36467] Apache Tomcat functions.jsp cross-site scripting
12877| [36402] Apache Tomcat calendar cross-site request forgery
12878| [36354] Apache HTTP Server mod_proxy module denial of service
12879| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
12880| [36336] Apache Derby lock table privilege escalation
12881| [36335] Apache Derby schema privilege escalation
12882| [36006] Apache Tomcat "
12883| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
12884| [35999] Apache Tomcat \"
12885| [35795] Apache Tomcat CookieExample cross-site scripting
12886| [35536] Apache Tomcat SendMailServlet example cross-site scripting
12887| [35384] Apache HTTP Server mod_cache module denial of service
12888| [35097] Apache HTTP Server mod_status module cross-site scripting
12889| [35095] Apache HTTP Server Prefork MPM module denial of service
12890| [34984] Apache HTTP Server recall_headers information disclosure
12891| [34966] Apache HTTP Server MPM content spoofing
12892| [34965] Apache HTTP Server MPM information disclosure
12893| [34963] Apache HTTP Server MPM multiple denial of service
12894| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
12895| [34869] Apache Tomcat JSP example Web application cross-site scripting
12896| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
12897| [34496] Apache Tomcat JK Connector security bypass
12898| [34377] Apache Tomcat hello.jsp cross-site scripting
12899| [34212] Apache Tomcat SSL configuration security bypass
12900| [34210] Apache Tomcat Accept-Language cross-site scripting
12901| [34209] Apache Tomcat calendar application cross-site scripting
12902| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
12903| [34167] Apache Axis WSDL file path disclosure
12904| [34068] Apache Tomcat AJP connector information disclosure
12905| [33584] Apache HTTP Server suEXEC privilege escalation
12906| [32988] Apache Tomcat proxy module directory traversal
12907| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
12908| [32708] Debian Apache tty privilege escalation
12909| [32441] ApacheStats extract() PHP call unspecified
12910| [32128] Apache Tomcat default account
12911| [31680] Apache Tomcat RequestParamExample cross-site scripting
12912| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
12913| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
12914| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
12915| [30456] Apache mod_auth_kerb off-by-one buffer overflow
12916| [29550] Apache mod_tcl set_var() format string
12917| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
12918| [28357] Apache HTTP Server mod_alias script source information disclosure
12919| [28063] Apache mod_rewrite off-by-one buffer overflow
12920| [27902] Apache Tomcat URL information disclosure
12921| [26786] Apache James SMTP server denial of service
12922| [25680] libapache2 /tmp/svn file upload
12923| [25614] Apache Struts lookupMap cross-site scripting
12924| [25613] Apache Struts ActionForm denial of service
12925| [25612] Apache Struts isCancelled() security bypass
12926| [24965] Apache mod_python FileSession command execution
12927| [24716] Apache James spooler memory leak denial of service
12928| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
12929| [24158] Apache Geronimo jsp-examples cross-site scripting
12930| [24030] Apache auth_ldap module multiple format strings
12931| [24008] Apache mod_ssl custom error message denial of service
12932| [24003] Apache mod_auth_pgsql module multiple syslog format strings
12933| [23612] Apache mod_imap referer field cross-site scripting
12934| [23173] Apache Struts error message cross-site scripting
12935| [22942] Apache Tomcat directory listing denial of service
12936| [22858] Apache Multi-Processing Module code allows denial of service
12937| [22602] RHSA-2005:582 updates for Apache httpd not installed
12938| [22520] Apache mod-auth-shadow "
12939| [22466] ApacheTop symlink
12940| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
12941| [22006] Apache HTTP Server byte-range filter denial of service
12942| [21567] Apache mod_ssl off-by-one buffer overflow
12943| [21195] Apache HTTP Server header HTTP request smuggling
12944| [20383] Apache HTTP Server htdigest buffer overflow
12945| [19681] Apache Tomcat AJP12 request denial of service
12946| [18993] Apache HTTP server check_forensic symlink attack
12947| [18790] Apache Tomcat Manager cross-site scripting
12948| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
12949| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
12950| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
12951| [17961] Apache Web server ServerTokens has not been set
12952| [17930] Apache HTTP Server HTTP GET request denial of service
12953| [17785] Apache mod_include module buffer overflow
12954| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
12955| [17473] Apache HTTP Server Satisfy directive allows access to resources
12956| [17413] Apache htpasswd buffer overflow
12957| [17384] Apache HTTP Server environment variable configuration file buffer overflow
12958| [17382] Apache HTTP Server IPv6 apr_util denial of service
12959| [17366] Apache HTTP Server mod_dav module LOCK denial of service
12960| [17273] Apache HTTP Server speculative mode denial of service
12961| [17200] Apache HTTP Server mod_ssl denial of service
12962| [16890] Apache HTTP Server server-info request has been detected
12963| [16889] Apache HTTP Server server-status request has been detected
12964| [16705] Apache mod_ssl format string attack
12965| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
12966| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
12967| [16230] Apache HTTP Server PHP denial of service
12968| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
12969| [15958] Apache HTTP Server authentication modules memory corruption
12970| [15547] Apache HTTP Server mod_disk_cache local information disclosure
12971| [15540] Apache HTTP Server socket starvation denial of service
12972| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
12973| [15422] Apache HTTP Server mod_access information disclosure
12974| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
12975| [15293] Apache for Cygwin "
12976| [15065] Apache-SSL has a default password
12977| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
12978| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
12979| [14751] Apache Mod_python output filter information disclosure
12980| [14125] Apache HTTP Server mod_userdir module information disclosure
12981| [14075] Apache HTTP Server mod_php file descriptor leak
12982| [13703] Apache HTTP Server account
12983| [13689] Apache HTTP Server configuration allows symlinks
12984| [13688] Apache HTTP Server configuration allows SSI
12985| [13687] Apache HTTP Server Server: header value
12986| [13685] Apache HTTP Server ServerTokens value
12987| [13684] Apache HTTP Server ServerSignature value
12988| [13672] Apache HTTP Server config allows directory autoindexing
12989| [13671] Apache HTTP Server default content
12990| [13670] Apache HTTP Server config file directive references outside content root
12991| [13668] Apache HTTP Server httpd not running in chroot environment
12992| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
12993| [13664] Apache HTTP Server config file contains ScriptAlias entry
12994| [13663] Apache HTTP Server CGI support modules loaded
12995| [13661] Apache HTTP Server config file contains AddHandler entry
12996| [13660] Apache HTTP Server 500 error page not CGI script
12997| [13659] Apache HTTP Server 413 error page not CGI script
12998| [13658] Apache HTTP Server 403 error page not CGI script
12999| [13657] Apache HTTP Server 401 error page not CGI script
13000| [13552] Apache HTTP Server mod_cgid module information disclosure
13001| [13550] Apache GET request directory traversal
13002| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
13003| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
13004| [13429] Apache Tomcat non-HTTP request denial of service
13005| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
13006| [13295] Apache weak password encryption
13007| [13254] Apache Tomcat .jsp cross-site scripting
13008| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
13009| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
13010| [12681] Apache HTTP Server mod_proxy could allow mail relaying
13011| [12662] Apache HTTP Server rotatelogs denial of service
13012| [12554] Apache Tomcat stores password in plain text
13013| [12553] Apache HTTP Server redirects and subrequests denial of service
13014| [12552] Apache HTTP Server FTP proxy server denial of service
13015| [12551] Apache HTTP Server prefork MPM denial of service
13016| [12550] Apache HTTP Server weaker than expected encryption
13017| [12549] Apache HTTP Server type-map file denial of service
13018| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
13019| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
13020| [12091] Apache HTTP Server apr_password_validate denial of service
13021| [12090] Apache HTTP Server apr_psprintf code execution
13022| [11804] Apache HTTP Server mod_access_referer denial of service
13023| [11750] Apache HTTP Server could leak sensitive file descriptors
13024| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
13025| [11703] Apache long slash path allows directory listing
13026| [11695] Apache HTTP Server LF (Line Feed) denial of service
13027| [11694] Apache HTTP Server filestat.c denial of service
13028| [11438] Apache HTTP Server MIME message boundaries information disclosure
13029| [11412] Apache HTTP Server error log terminal escape sequence injection
13030| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
13031| [11195] Apache Tomcat web.xml could be used to read files
13032| [11194] Apache Tomcat URL appended with a null character could list directories
13033| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
13034| [11126] Apache HTTP Server illegal character file disclosure
13035| [11125] Apache HTTP Server DOS device name HTTP POST code execution
13036| [11124] Apache HTTP Server DOS device name denial of service
13037| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
13038| [10938] Apache HTTP Server printenv test CGI cross-site scripting
13039| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
13040| [10575] Apache mod_php module could allow an attacker to take over the httpd process
13041| [10499] Apache HTTP Server WebDAV HTTP POST view source
13042| [10457] Apache HTTP Server mod_ssl "
13043| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
13044| [10414] Apache HTTP Server htdigest multiple buffer overflows
13045| [10413] Apache HTTP Server htdigest temporary file race condition
13046| [10412] Apache HTTP Server htpasswd temporary file race condition
13047| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
13048| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
13049| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
13050| [10280] Apache HTTP Server shared memory scorecard overwrite
13051| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
13052| [10241] Apache HTTP Server Host: header cross-site scripting
13053| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
13054| [10208] Apache HTTP Server mod_dav denial of service
13055| [10206] HP VVOS Apache mod_ssl denial of service
13056| [10200] Apache HTTP Server stderr denial of service
13057| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
13058| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
13059| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
13060| [10098] Slapper worm targets OpenSSL/Apache systems
13061| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
13062| [9875] Apache HTTP Server .var file request could disclose installation path
13063| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
13064| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
13065| [9623] Apache HTTP Server ap_log_rerror() path disclosure
13066| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
13067| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
13068| [9396] Apache Tomcat null character to threads denial of service
13069| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
13070| [9249] Apache HTTP Server chunked encoding heap buffer overflow
13071| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
13072| [8932] Apache Tomcat example class information disclosure
13073| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
13074| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
13075| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
13076| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
13077| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
13078| [8400] Apache HTTP Server mod_frontpage buffer overflows
13079| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
13080| [8308] Apache "
13081| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
13082| [8119] Apache and PHP OPTIONS request reveals "
13083| [8054] Apache is running on the system
13084| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
13085| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
13086| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
13087| [7836] Apache HTTP Server log directory denial of service
13088| [7815] Apache for Windows "
13089| [7810] Apache HTTP request could result in unexpected behavior
13090| [7599] Apache Tomcat reveals installation path
13091| [7494] Apache "
13092| [7419] Apache Web Server could allow remote attackers to overwrite .log files
13093| [7363] Apache Web Server hidden HTTP requests
13094| [7249] Apache mod_proxy denial of service
13095| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
13096| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
13097| [7059] Apache "
13098| [7057] Apache "
13099| [7056] Apache "
13100| [7055] Apache "
13101| [7054] Apache "
13102| [6997] Apache Jakarta Tomcat error message may reveal information
13103| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
13104| [6970] Apache crafted HTTP request could reveal the internal IP address
13105| [6921] Apache long slash path allows directory listing
13106| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
13107| [6527] Apache Web Server for Windows and OS2 denial of service
13108| [6316] Apache Jakarta Tomcat may reveal JSP source code
13109| [6305] Apache Jakarta Tomcat directory traversal
13110| [5926] Linux Apache symbolic link
13111| [5659] Apache Web server discloses files when used with php script
13112| [5310] Apache mod_rewrite allows attacker to view arbitrary files
13113| [5204] Apache WebDAV directory listings
13114| [5197] Apache Web server reveals CGI script source code
13115| [5160] Apache Jakarta Tomcat default installation
13116| [5099] Trustix Secure Linux installs Apache with world writable access
13117| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
13118| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
13119| [4931] Apache source.asp example file allows users to write to files
13120| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
13121| [4205] Apache Jakarta Tomcat delivers file contents
13122| [2084] Apache on Debian by default serves the /usr/doc directory
13123| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
13124| [697] Apache HTTP server beck exploit
13125| [331] Apache cookies buffer overflow
13126|
13127| Exploit-DB - https://www.exploit-db.com:
13128| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
13129| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
13130| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
13131| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
13132| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
13133| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
13134| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
13135| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
13136| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
13137| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
13138| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
13139| [29859] Apache Roller OGNL Injection
13140| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
13141| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
13142| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
13143| [29290] Apache / PHP 5.x Remote Code Execution Exploit
13144| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
13145| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
13146| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
13147| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
13148| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
13149| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
13150| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
13151| [27096] Apache Geronimo 1.0 Error Page XSS
13152| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
13153| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
13154| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
13155| [25986] Plesk Apache Zeroday Remote Exploit
13156| [25980] Apache Struts includeParams Remote Code Execution
13157| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
13158| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
13159| [24874] Apache Struts ParametersInterceptor Remote Code Execution
13160| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
13161| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
13162| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
13163| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
13164| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
13165| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
13166| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
13167| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
13168| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
13169| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
13170| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
13171| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
13172| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
13173| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
13174| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
13175| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
13176| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
13177| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
13178| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
13179| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
13180| [21719] Apache 2.0 Path Disclosure Vulnerability
13181| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
13182| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
13183| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
13184| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
13185| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
13186| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
13187| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
13188| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
13189| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
13190| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
13191| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
13192| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
13193| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
13194| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
13195| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
13196| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
13197| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
13198| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
13199| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
13200| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
13201| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
13202| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
13203| [20558] Apache 1.2 Web Server DoS Vulnerability
13204| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
13205| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
13206| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
13207| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
13208| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
13209| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
13210| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
13211| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
13212| [19231] PHP apache_request_headers Function Buffer Overflow
13213| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
13214| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
13215| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
13216| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
13217| [18442] Apache httpOnly Cookie Disclosure
13218| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
13219| [18221] Apache HTTP Server Denial of Service
13220| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
13221| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
13222| [17691] Apache Struts < 2.2.0 - Remote Command Execution
13223| [16798] Apache mod_jk 1.2.20 Buffer Overflow
13224| [16782] Apache Win32 Chunked Encoding
13225| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
13226| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
13227| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
13228| [15319] Apache 2.2 (Windows) Local Denial of Service
13229| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
13230| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
13231| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
13232| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
13233| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
13234| [12330] Apache OFBiz - Multiple XSS
13235| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
13236| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
13237| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
13238| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
13239| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
13240| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
13241| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
13242| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
13243| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13244| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
13245| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
13246| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
13247| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
13248| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
13249| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
13250| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
13251| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
13252| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
13253| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
13254| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
13255| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
13256| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
13257| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
13258| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
13259| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
13260| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
13261| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
13262| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
13263| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
13264| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
13265| [466] htpasswd Apache 1.3.31 - Local Exploit
13266| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
13267| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
13268| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
13269| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
13270| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
13271| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
13272| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
13273| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
13274| [9] Apache HTTP Server 2.x Memory Leak Exploit
13275|
13276| OpenVAS (Nessus) - http://www.openvas.org:
13277| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
13278| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
13279| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
13280| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
13281| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
13282| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
13283| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
13284| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
13285| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
13286| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
13287| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
13288| [900571] Apache APR-Utils Version Detection
13289| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
13290| [900496] Apache Tiles Multiple XSS Vulnerability
13291| [900493] Apache Tiles Version Detection
13292| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
13293| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
13294| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
13295| [870175] RedHat Update for apache RHSA-2008:0004-01
13296| [864591] Fedora Update for apache-poi FEDORA-2012-10835
13297| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
13298| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
13299| [864250] Fedora Update for apache-poi FEDORA-2012-7683
13300| [864249] Fedora Update for apache-poi FEDORA-2012-7686
13301| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
13302| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
13303| [855821] Solaris Update for Apache 1.3 122912-19
13304| [855812] Solaris Update for Apache 1.3 122911-19
13305| [855737] Solaris Update for Apache 1.3 122911-17
13306| [855731] Solaris Update for Apache 1.3 122912-17
13307| [855695] Solaris Update for Apache 1.3 122911-16
13308| [855645] Solaris Update for Apache 1.3 122912-16
13309| [855587] Solaris Update for kernel update and Apache 108529-29
13310| [855566] Solaris Update for Apache 116973-07
13311| [855531] Solaris Update for Apache 116974-07
13312| [855524] Solaris Update for Apache 2 120544-14
13313| [855494] Solaris Update for Apache 1.3 122911-15
13314| [855478] Solaris Update for Apache Security 114145-11
13315| [855472] Solaris Update for Apache Security 113146-12
13316| [855179] Solaris Update for Apache 1.3 122912-15
13317| [855147] Solaris Update for kernel update and Apache 108528-29
13318| [855077] Solaris Update for Apache 2 120543-14
13319| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
13320| [850088] SuSE Update for apache2 SUSE-SA:2007:061
13321| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
13322| [841209] Ubuntu Update for apache2 USN-1627-1
13323| [840900] Ubuntu Update for apache2 USN-1368-1
13324| [840798] Ubuntu Update for apache2 USN-1259-1
13325| [840734] Ubuntu Update for apache2 USN-1199-1
13326| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
13327| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
13328| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
13329| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
13330| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
13331| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
13332| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
13333| [835253] HP-UX Update for Apache Web Server HPSBUX02645
13334| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
13335| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
13336| [835236] HP-UX Update for Apache with PHP HPSBUX02543
13337| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
13338| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
13339| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
13340| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
13341| [835188] HP-UX Update for Apache HPSBUX02308
13342| [835181] HP-UX Update for Apache With PHP HPSBUX02332
13343| [835180] HP-UX Update for Apache with PHP HPSBUX02342
13344| [835172] HP-UX Update for Apache HPSBUX02365
13345| [835168] HP-UX Update for Apache HPSBUX02313
13346| [835148] HP-UX Update for Apache HPSBUX01064
13347| [835139] HP-UX Update for Apache with PHP HPSBUX01090
13348| [835131] HP-UX Update for Apache HPSBUX00256
13349| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
13350| [835104] HP-UX Update for Apache HPSBUX00224
13351| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
13352| [835101] HP-UX Update for Apache HPSBUX01232
13353| [835080] HP-UX Update for Apache HPSBUX02273
13354| [835078] HP-UX Update for ApacheStrong HPSBUX00255
13355| [835044] HP-UX Update for Apache HPSBUX01019
13356| [835040] HP-UX Update for Apache PHP HPSBUX00207
13357| [835025] HP-UX Update for Apache HPSBUX00197
13358| [835023] HP-UX Update for Apache HPSBUX01022
13359| [835022] HP-UX Update for Apache HPSBUX02292
13360| [835005] HP-UX Update for Apache HPSBUX02262
13361| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
13362| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
13363| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
13364| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
13365| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
13366| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
13367| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
13368| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
13369| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
13370| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
13371| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
13372| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
13373| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
13374| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
13375| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
13376| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
13377| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
13378| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
13379| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
13380| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
13381| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
13382| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
13383| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
13384| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
13385| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
13386| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
13387| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
13388| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
13389| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
13390| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
13391| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
13392| [801942] Apache Archiva Multiple Vulnerabilities
13393| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
13394| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
13395| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
13396| [801284] Apache Derby Information Disclosure Vulnerability
13397| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
13398| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
13399| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
13400| [800680] Apache APR Version Detection
13401| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
13402| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
13403| [800677] Apache Roller Version Detection
13404| [800279] Apache mod_jk Module Version Detection
13405| [800278] Apache Struts Cross Site Scripting Vulnerability
13406| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
13407| [800276] Apache Struts Version Detection
13408| [800271] Apache Struts Directory Traversal Vulnerability
13409| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
13410| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
13411| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
13412| [103122] Apache Web Server ETag Header Information Disclosure Weakness
13413| [103074] Apache Continuum Cross Site Scripting Vulnerability
13414| [103073] Apache Continuum Detection
13415| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
13416| [101023] Apache Open For Business Weak Password security check
13417| [101020] Apache Open For Business HTML injection vulnerability
13418| [101019] Apache Open For Business service detection
13419| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
13420| [100923] Apache Archiva Detection
13421| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
13422| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
13423| [100813] Apache Axis2 Detection
13424| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
13425| [100795] Apache Derby Detection
13426| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
13427| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
13428| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
13429| [100514] Apache Multiple Security Vulnerabilities
13430| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
13431| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
13432| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
13433| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13434| [72626] Debian Security Advisory DSA 2579-1 (apache2)
13435| [72612] FreeBSD Ports: apache22
13436| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
13437| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
13438| [71512] FreeBSD Ports: apache
13439| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
13440| [71256] Debian Security Advisory DSA 2452-1 (apache2)
13441| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
13442| [70737] FreeBSD Ports: apache
13443| [70724] Debian Security Advisory DSA 2405-1 (apache2)
13444| [70600] FreeBSD Ports: apache
13445| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
13446| [70235] Debian Security Advisory DSA 2298-2 (apache2)
13447| [70233] Debian Security Advisory DSA 2298-1 (apache2)
13448| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
13449| [69338] Debian Security Advisory DSA 2202-1 (apache2)
13450| [67868] FreeBSD Ports: apache
13451| [66816] FreeBSD Ports: apache
13452| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
13453| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
13454| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
13455| [66081] SLES11: Security update for Apache 2
13456| [66074] SLES10: Security update for Apache 2
13457| [66070] SLES9: Security update for Apache 2
13458| [65998] SLES10: Security update for apache2-mod_python
13459| [65893] SLES10: Security update for Apache 2
13460| [65888] SLES10: Security update for Apache 2
13461| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
13462| [65510] SLES9: Security update for Apache 2
13463| [65472] SLES9: Security update for Apache
13464| [65467] SLES9: Security update for Apache
13465| [65450] SLES9: Security update for apache2
13466| [65390] SLES9: Security update for Apache2
13467| [65363] SLES9: Security update for Apache2
13468| [65309] SLES9: Security update for Apache and mod_ssl
13469| [65296] SLES9: Security update for webdav apache module
13470| [65283] SLES9: Security update for Apache2
13471| [65249] SLES9: Security update for Apache 2
13472| [65230] SLES9: Security update for Apache 2
13473| [65228] SLES9: Security update for Apache 2
13474| [65212] SLES9: Security update for apache2-mod_python
13475| [65209] SLES9: Security update for apache2-worker
13476| [65207] SLES9: Security update for Apache 2
13477| [65168] SLES9: Security update for apache2-mod_python
13478| [65142] SLES9: Security update for Apache2
13479| [65136] SLES9: Security update for Apache 2
13480| [65132] SLES9: Security update for apache
13481| [65131] SLES9: Security update for Apache 2 oes/CORE
13482| [65113] SLES9: Security update for apache2
13483| [65072] SLES9: Security update for apache and mod_ssl
13484| [65017] SLES9: Security update for Apache 2
13485| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
13486| [64783] FreeBSD Ports: apache
13487| [64774] Ubuntu USN-802-2 (apache2)
13488| [64653] Ubuntu USN-813-2 (apache2)
13489| [64559] Debian Security Advisory DSA 1834-2 (apache2)
13490| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
13491| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
13492| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
13493| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
13494| [64443] Ubuntu USN-802-1 (apache2)
13495| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
13496| [64423] Debian Security Advisory DSA 1834-1 (apache2)
13497| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
13498| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
13499| [64251] Debian Security Advisory DSA 1816-1 (apache2)
13500| [64201] Ubuntu USN-787-1 (apache2)
13501| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
13502| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
13503| [63565] FreeBSD Ports: apache
13504| [63562] Ubuntu USN-731-1 (apache2)
13505| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
13506| [61185] FreeBSD Ports: apache
13507| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
13508| [60387] Slackware Advisory SSA:2008-045-02 apache
13509| [58826] FreeBSD Ports: apache-tomcat
13510| [58825] FreeBSD Ports: apache-tomcat
13511| [58804] FreeBSD Ports: apache
13512| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
13513| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
13514| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
13515| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
13516| [57335] Debian Security Advisory DSA 1167-1 (apache)
13517| [57201] Debian Security Advisory DSA 1131-1 (apache)
13518| [57200] Debian Security Advisory DSA 1132-1 (apache2)
13519| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
13520| [57145] FreeBSD Ports: apache
13521| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
13522| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
13523| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
13524| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
13525| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
13526| [56067] FreeBSD Ports: apache
13527| [55803] Slackware Advisory SSA:2005-310-04 apache
13528| [55519] Debian Security Advisory DSA 839-1 (apachetop)
13529| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
13530| [55355] FreeBSD Ports: apache
13531| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
13532| [55261] Debian Security Advisory DSA 805-1 (apache2)
13533| [55259] Debian Security Advisory DSA 803-1 (apache)
13534| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
13535| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
13536| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
13537| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
13538| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
13539| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
13540| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
13541| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
13542| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
13543| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
13544| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
13545| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
13546| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
13547| [54439] FreeBSD Ports: apache
13548| [53931] Slackware Advisory SSA:2004-133-01 apache
13549| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
13550| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
13551| [53878] Slackware Advisory SSA:2003-308-01 apache security update
13552| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
13553| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
13554| [53848] Debian Security Advisory DSA 131-1 (apache)
13555| [53784] Debian Security Advisory DSA 021-1 (apache)
13556| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
13557| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
13558| [53735] Debian Security Advisory DSA 187-1 (apache)
13559| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
13560| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
13561| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
13562| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
13563| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
13564| [53282] Debian Security Advisory DSA 594-1 (apache)
13565| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
13566| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
13567| [53215] Debian Security Advisory DSA 525-1 (apache)
13568| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
13569| [52529] FreeBSD Ports: apache+ssl
13570| [52501] FreeBSD Ports: apache
13571| [52461] FreeBSD Ports: apache
13572| [52390] FreeBSD Ports: apache
13573| [52389] FreeBSD Ports: apache
13574| [52388] FreeBSD Ports: apache
13575| [52383] FreeBSD Ports: apache
13576| [52339] FreeBSD Ports: apache+mod_ssl
13577| [52331] FreeBSD Ports: apache
13578| [52329] FreeBSD Ports: ru-apache+mod_ssl
13579| [52314] FreeBSD Ports: apache
13580| [52310] FreeBSD Ports: apache
13581| [15588] Detect Apache HTTPS
13582| [15555] Apache mod_proxy content-length buffer overflow
13583| [15554] Apache mod_include priviledge escalation
13584| [14771] Apache <= 1.3.33 htpasswd local overflow
13585| [14177] Apache mod_access rule bypass
13586| [13644] Apache mod_rootme Backdoor
13587| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
13588| [12280] Apache Connection Blocking Denial of Service
13589| [12239] Apache Error Log Escape Sequence Injection
13590| [12123] Apache Tomcat source.jsp malformed request information disclosure
13591| [12085] Apache Tomcat servlet/JSP container default files
13592| [11438] Apache Tomcat Directory Listing and File disclosure
13593| [11204] Apache Tomcat Default Accounts
13594| [11092] Apache 2.0.39 Win32 directory traversal
13595| [11046] Apache Tomcat TroubleShooter Servlet Installed
13596| [11042] Apache Tomcat DOS Device Name XSS
13597| [11041] Apache Tomcat /servlet Cross Site Scripting
13598| [10938] Apache Remote Command Execution via .bat files
13599| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
13600| [10773] MacOS X Finder reveals contents of Apache Web files
13601| [10766] Apache UserDir Sensitive Information Disclosure
13602| [10756] MacOS X Finder reveals contents of Apache Web directories
13603| [10752] Apache Auth Module SQL Insertion Attack
13604| [10704] Apache Directory Listing
13605| [10678] Apache /server-info accessible
13606| [10677] Apache /server-status accessible
13607| [10440] Check for Apache Multiple / vulnerability
13608|
13609| SecurityTracker - https://www.securitytracker.com:
13610| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
13611| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13612| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
13613| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
13614| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13615| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13616| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13617| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
13618| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
13619| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
13620| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13621| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
13622| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
13623| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
13624| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
13625| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
13626| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
13627| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
13628| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
13629| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
13630| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
13631| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
13632| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
13633| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13634| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
13635| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13636| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13637| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
13638| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
13639| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
13640| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
13641| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
13642| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13643| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13644| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13645| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13646| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13647| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13648| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13649| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13650| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13651| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13652| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13653| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13654| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13655| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13656| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13657| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13658| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13659| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13660| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13661| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13662| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13663| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13664| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13665| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13666| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13667| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13668| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13669| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13670| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13671| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13672| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13673| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13674| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13675| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13676| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13677| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13678| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13679| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13680| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13681| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13682| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13683| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13684| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13685| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13686| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13687| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13688| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13689| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13690| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13691| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13692| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13693| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13694| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13695| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13696| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13697| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13698| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
13699| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
13700| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
13701| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
13702| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
13703| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
13704| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
13705| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
13706| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
13707| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
13708| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
13709| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
13710| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
13711| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
13712| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
13713| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
13714| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
13715| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
13716| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
13717| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
13718| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
13719| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
13720| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
13721| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
13722| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13723| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13724| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13725| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13726| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13727| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13728| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13729| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13730| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13731| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13732| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13733| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13734| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13735| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13736| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13737| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13738| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13739| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13740| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13741| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13742| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13743| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13744| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13745| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13746| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13747| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13748| [1008920] Apache mod_digest May Validate Replayed Client Responses
13749| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13750| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13751| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13752| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13753| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13754| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13755| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13756| [1008029] Apache mod_alias Contains a Buffer Overflow
13757| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13758| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13759| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13760| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13761| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13762| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13763| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13764| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13765| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13766| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13767| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13768| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13769| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13770| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13771| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13772| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13773| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13774| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13775| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13776| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13777| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13778| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13779| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13780| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13781| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13782| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13783| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13784| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13785| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13786| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13787| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13788| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13789| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13790| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13791| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13792| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13793| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13794| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13795| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13796| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13797| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13798| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13799| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13800| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13801| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13802| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13803| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13804| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13805| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13806| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13807| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13808| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13809| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13810| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13811| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13812| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13813|
13814| OSVDB - http://www.osvdb.org:
13815| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13816| [96077] Apache CloudStack Global Settings Multiple Field XSS
13817| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13818| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13819| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13820| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13821| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13822| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13823| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13824| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13825| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13826| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13827| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13828| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13829| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13830| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13831| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13832| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13833| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13834| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13835| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13836| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13837| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13838| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13839| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13840| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13841| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
13842| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
13843| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
13844| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
13845| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
13846| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
13847| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
13848| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
13849| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
13850| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
13851| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
13852| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
13853| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
13854| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
13855| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
13856| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
13857| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
13858| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
13859| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
13860| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
13861| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
13862| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
13863| [94279] Apache Qpid CA Certificate Validation Bypass
13864| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
13865| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
13866| [94042] Apache Axis JAX-WS Java Unspecified Exposure
13867| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
13868| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
13869| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
13870| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
13871| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
13872| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
13873| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
13874| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
13875| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
13876| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
13877| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
13878| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
13879| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
13880| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
13881| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
13882| [93541] Apache Solr json.wrf Callback XSS
13883| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
13884| [93521] Apache jUDDI Security API Token Session Persistence Weakness
13885| [93520] Apache CloudStack Default SSL Key Weakness
13886| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
13887| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
13888| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
13889| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
13890| [93515] Apache HBase table.jsp name Parameter XSS
13891| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
13892| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
13893| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
13894| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
13895| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
13896| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
13897| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
13898| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
13899| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
13900| [93252] Apache Tomcat FORM Authenticator Session Fixation
13901| [93172] Apache Camel camel/endpoints/ Endpoint XSS
13902| [93171] Apache Sling HtmlResponse Error Message XSS
13903| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
13904| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
13905| [93168] Apache Click ErrorReport.java id Parameter XSS
13906| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
13907| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
13908| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
13909| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
13910| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
13911| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
13912| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
13913| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
13914| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
13915| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
13916| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
13917| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
13918| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
13919| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
13920| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
13921| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
13922| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
13923| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
13924| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
13925| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
13926| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
13927| [93144] Apache Solr Admin Command Execution CSRF
13928| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
13929| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
13930| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
13931| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
13932| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
13933| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
13934| [92748] Apache CloudStack VM Console Access Restriction Bypass
13935| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
13936| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
13937| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
13938| [92706] Apache ActiveMQ Debug Log Rendering XSS
13939| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
13940| [92270] Apache Tomcat Unspecified CSRF
13941| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
13942| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
13943| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
13944| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
13945| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
13946| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
13947| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
13948| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
13949| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
13950| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
13951| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
13952| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
13953| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
13954| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
13955| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
13956| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
13957| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
13958| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
13959| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
13960| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
13961| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
13962| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
13963| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
13964| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
13965| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
13966| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
13967| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
13968| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
13969| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
13970| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
13971| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
13972| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
13973| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
13974| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
13975| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
13976| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
13977| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
13978| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
13979| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
13980| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
13981| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
13982| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
13983| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
13984| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
13985| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
13986| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
13987| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
13988| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
13989| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
13990| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
13991| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
13992| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
13993| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
13994| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
13995| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
13996| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
13997| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
13998| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
13999| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
14000| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
14001| [86901] Apache Tomcat Error Message Path Disclosure
14002| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
14003| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
14004| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
14005| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
14006| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
14007| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
14008| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
14009| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
14010| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
14011| [85430] Apache mod_pagespeed Module Unspecified XSS
14012| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
14013| [85249] Apache Wicket Unspecified XSS
14014| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
14015| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
14016| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
14017| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
14018| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
14019| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
14020| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
14021| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
14022| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
14023| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
14024| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
14025| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
14026| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
14027| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
14028| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
14029| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
14030| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
14031| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
14032| [83339] Apache Roller Blogger Roll Unspecified XSS
14033| [83270] Apache Roller Unspecified Admin Action CSRF
14034| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
14035| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
14036| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
14037| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
14038| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
14039| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
14040| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
14041| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
14042| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
14043| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
14044| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
14045| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
14046| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
14047| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
14048| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
14049| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
14050| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
14051| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
14052| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
14053| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
14054| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
14055| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
14056| [80300] Apache Wicket wicket:pageMapName Parameter XSS
14057| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
14058| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
14059| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
14060| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
14061| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
14062| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
14063| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
14064| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
14065| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
14066| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
14067| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
14068| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
14069| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
14070| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
14071| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
14072| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
14073| [78331] Apache Tomcat Request Object Recycling Information Disclosure
14074| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
14075| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
14076| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
14077| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
14078| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
14079| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
14080| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
14081| [77593] Apache Struts Conversion Error OGNL Expression Injection
14082| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
14083| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
14084| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
14085| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
14086| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
14087| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
14088| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
14089| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
14090| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
14091| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
14092| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
14093| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
14094| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
14095| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
14096| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
14097| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
14098| [74725] Apache Wicket Multi Window Support Unspecified XSS
14099| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
14100| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
14101| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
14102| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
14103| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
14104| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
14105| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
14106| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
14107| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
14108| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
14109| [73644] Apache XML Security Signature Key Parsing Overflow DoS
14110| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
14111| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
14112| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
14113| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
14114| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
14115| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
14116| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
14117| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
14118| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
14119| [73154] Apache Archiva Multiple Unspecified CSRF
14120| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
14121| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
14122| [72238] Apache Struts Action / Method Names <
14123| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
14124| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
14125| [71557] Apache Tomcat HTML Manager Multiple XSS
14126| [71075] Apache Archiva User Management Page XSS
14127| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
14128| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
14129| [70924] Apache Continuum Multiple Admin Function CSRF
14130| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
14131| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
14132| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
14133| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
14134| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
14135| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
14136| [69520] Apache Archiva Administrator Credential Manipulation CSRF
14137| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
14138| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
14139| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
14140| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
14141| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
14142| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
14143| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
14144| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
14145| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
14146| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
14147| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
14148| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
14149| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
14150| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
14151| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
14152| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
14153| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
14154| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
14155| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
14156| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
14157| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
14158| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
14159| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
14160| [65054] Apache ActiveMQ Jetty Error Handler XSS
14161| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
14162| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
14163| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
14164| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
14165| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
14166| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
14167| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
14168| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
14169| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
14170| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
14171| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
14172| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
14173| [63895] Apache HTTP Server mod_headers Unspecified Issue
14174| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
14175| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
14176| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
14177| [63140] Apache Thrift Service Malformed Data Remote DoS
14178| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
14179| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
14180| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
14181| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
14182| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
14183| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
14184| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
14185| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
14186| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
14187| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
14188| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
14189| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
14190| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
14191| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
14192| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
14193| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
14194| [60678] Apache Roller Comment Email Notification Manipulation DoS
14195| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
14196| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
14197| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
14198| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
14199| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
14200| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
14201| [60232] PHP on Apache php.exe Direct Request Remote DoS
14202| [60176] Apache Tomcat Windows Installer Admin Default Password
14203| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
14204| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
14205| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
14206| [59944] Apache Hadoop jobhistory.jsp XSS
14207| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
14208| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
14209| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
14210| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
14211| [59019] Apache mod_python Cookie Salting Weakness
14212| [59018] Apache Harmony Error Message Handling Overflow
14213| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
14214| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
14215| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
14216| [59010] Apache Solr get-file.jsp XSS
14217| [59009] Apache Solr action.jsp XSS
14218| [59008] Apache Solr analysis.jsp XSS
14219| [59007] Apache Solr schema.jsp Multiple Parameter XSS
14220| [59006] Apache Beehive select / checkbox Tag XSS
14221| [59005] Apache Beehive jpfScopeID Global Parameter XSS
14222| [59004] Apache Beehive Error Message XSS
14223| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
14224| [59002] Apache Jetspeed default-page.psml URI XSS
14225| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
14226| [59000] Apache CXF Unsigned Message Policy Bypass
14227| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
14228| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
14229| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
14230| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
14231| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
14232| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
14233| [58993] Apache Hadoop browseBlock.jsp XSS
14234| [58991] Apache Hadoop browseDirectory.jsp XSS
14235| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
14236| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
14237| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
14238| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
14239| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
14240| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
14241| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
14242| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
14243| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
14244| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
14245| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
14246| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
14247| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
14248| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
14249| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
14250| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
14251| [58974] Apache Sling /apps Script User Session Management Access Weakness
14252| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
14253| [58931] Apache Geronimo Cookie Parameters Validation Weakness
14254| [58930] Apache Xalan-C++ XPath Handling Remote DoS
14255| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
14256| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
14257| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
14258| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
14259| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
14260| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
14261| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
14262| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
14263| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
14264| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
14265| [58805] Apache Derby Unauthenticated Database / Admin Access
14266| [58804] Apache Wicket Header Contribution Unspecified Issue
14267| [58803] Apache Wicket Session Fixation
14268| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
14269| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
14270| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
14271| [58799] Apache Tapestry Logging Cleartext Password Disclosure
14272| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
14273| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
14274| [58796] Apache Jetspeed Unsalted Password Storage Weakness
14275| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
14276| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
14277| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
14278| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
14279| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
14280| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
14281| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
14282| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
14283| [58775] Apache JSPWiki preview.jsp action Parameter XSS
14284| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
14285| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
14286| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
14287| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
14288| [58770] Apache JSPWiki Group.jsp group Parameter XSS
14289| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
14290| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
14291| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
14292| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
14293| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
14294| [58763] Apache JSPWiki Include Tag Multiple Script XSS
14295| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
14296| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
14297| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
14298| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
14299| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
14300| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
14301| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
14302| [58755] Apache Harmony DRLVM Non-public Class Member Access
14303| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
14304| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
14305| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
14306| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
14307| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
14308| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
14309| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
14310| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
14311| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
14312| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
14313| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
14314| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
14315| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
14316| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
14317| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
14318| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
14319| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
14320| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
14321| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
14322| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
14323| [58725] Apache Tapestry Basic String ACL Bypass Weakness
14324| [58724] Apache Roller Logout Functionality Failure Session Persistence
14325| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
14326| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
14327| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
14328| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
14329| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
14330| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
14331| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
14332| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
14333| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
14334| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
14335| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
14336| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
14337| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
14338| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
14339| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
14340| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
14341| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
14342| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
14343| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
14344| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
14345| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
14346| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
14347| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
14348| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
14349| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
14350| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
14351| [58687] Apache Axis Invalid wsdl Request XSS
14352| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
14353| [58685] Apache Velocity Template Designer Privileged Code Execution
14354| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
14355| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
14356| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
14357| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
14358| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
14359| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
14360| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
14361| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
14362| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
14363| [58667] Apache Roller Database Cleartext Passwords Disclosure
14364| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
14365| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
14366| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
14367| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
14368| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
14369| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
14370| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
14371| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
14372| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
14373| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
14374| [56984] Apache Xerces2 Java Malformed XML Input DoS
14375| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
14376| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
14377| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
14378| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
14379| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
14380| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
14381| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
14382| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
14383| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
14384| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
14385| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
14386| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
14387| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
14388| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
14389| [55056] Apache Tomcat Cross-application TLD File Manipulation
14390| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
14391| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
14392| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
14393| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
14394| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
14395| [54589] Apache Jserv Nonexistent JSP Request XSS
14396| [54122] Apache Struts s:a / s:url Tag href Element XSS
14397| [54093] Apache ActiveMQ Web Console JMS Message XSS
14398| [53932] Apache Geronimo Multiple Admin Function CSRF
14399| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
14400| [53930] Apache Geronimo /console/portal/ URI XSS
14401| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
14402| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
14403| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
14404| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
14405| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
14406| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
14407| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
14408| [53380] Apache Struts Unspecified XSS
14409| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
14410| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
14411| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
14412| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
14413| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
14414| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
14415| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
14416| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
14417| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
14418| [51151] Apache Roller Search Function q Parameter XSS
14419| [50482] PHP with Apache php_value Order Unspecified Issue
14420| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
14421| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
14422| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
14423| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
14424| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
14425| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
14426| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
14427| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
14428| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
14429| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
14430| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
14431| [47096] Oracle Weblogic Apache Connector POST Request Overflow
14432| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
14433| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
14434| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
14435| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
14436| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
14437| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
14438| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
14439| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
14440| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
14441| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
14442| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
14443| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
14444| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
14445| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
14446| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
14447| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
14448| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
14449| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
14450| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
14451| [43452] Apache Tomcat HTTP Request Smuggling
14452| [43309] Apache Geronimo LoginModule Login Method Bypass
14453| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
14454| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
14455| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
14456| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
14457| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
14458| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
14459| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
14460| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
14461| [42091] Apache Maven Site Plugin Installation Permission Weakness
14462| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
14463| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
14464| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
14465| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
14466| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
14467| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
14468| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
14469| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
14470| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
14471| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
14472| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
14473| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
14474| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
14475| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14476| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
14477| [40262] Apache HTTP Server mod_status refresh XSS
14478| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
14479| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
14480| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
14481| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
14482| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
14483| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
14484| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
14485| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
14486| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
14487| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
14488| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
14489| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
14490| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
14491| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
14492| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
14493| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
14494| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
14495| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
14496| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
14497| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
14498| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
14499| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
14500| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
14501| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
14502| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
14503| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
14504| [36080] Apache Tomcat JSP Examples Crafted URI XSS
14505| [36079] Apache Tomcat Manager Uploaded Filename XSS
14506| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
14507| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
14508| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
14509| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
14510| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
14511| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
14512| [34881] Apache Tomcat Malformed Accept-Language Header XSS
14513| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
14514| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
14515| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14516| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
14517| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
14518| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
14519| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
14520| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
14521| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
14522| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
14523| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
14524| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
14525| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
14526| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
14527| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
14528| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
14529| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
14530| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
14531| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14532| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14533| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14534| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14535| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14536| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14537| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14538| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14539| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14540| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14541| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14542| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14543| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14544| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14545| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14546| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14547| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14548| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14549| [24365] Apache Struts Multiple Function Error Message XSS
14550| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14551| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14552| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14553| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14554| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14555| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14556| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14557| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14558| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14559| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14560| [22459] Apache Geronimo Error Page XSS
14561| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14562| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14563| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14564| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14565| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14566| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14567| [21021] Apache Struts Error Message XSS
14568| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
14569| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
14570| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
14571| [20439] Apache Tomcat Directory Listing Saturation DoS
14572| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
14573| [20285] Apache HTTP Server Log File Control Character Injection
14574| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
14575| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
14576| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
14577| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
14578| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
14579| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
14580| [19821] Apache Tomcat Malformed Post Request Information Disclosure
14581| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
14582| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
14583| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
14584| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
14585| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
14586| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
14587| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
14588| [18233] Apache HTTP Server htdigest user Variable Overfow
14589| [17738] Apache HTTP Server HTTP Request Smuggling
14590| [16586] Apache HTTP Server Win32 GET Overflow DoS
14591| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
14592| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
14593| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
14594| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
14595| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
14596| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
14597| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
14598| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
14599| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
14600| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
14601| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
14602| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
14603| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
14604| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
14605| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
14606| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
14607| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
14608| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
14609| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
14610| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
14611| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
14612| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
14613| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
14614| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
14615| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
14616| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
14617| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
14618| [13304] Apache Tomcat realPath.jsp Path Disclosure
14619| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
14620| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
14621| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
14622| [12848] Apache HTTP Server htdigest realm Variable Overflow
14623| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
14624| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
14625| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
14626| [12557] Apache HTTP Server prefork MPM accept Error DoS
14627| [12233] Apache Tomcat MS-DOS Device Name Request DoS
14628| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
14629| [12231] Apache Tomcat web.xml Arbitrary File Access
14630| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
14631| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
14632| [12178] Apache Jakarta Lucene results.jsp XSS
14633| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
14634| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
14635| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
14636| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
14637| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
14638| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
14639| [10471] Apache Xerces-C++ XML Parser DoS
14640| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
14641| [10068] Apache HTTP Server htpasswd Local Overflow
14642| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14643| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14644| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14645| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14646| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14647| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14648| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14649| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14650| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14651| [9714] Apache Authentication Module Threaded MPM DoS
14652| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14653| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14654| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14655| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14656| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14657| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14658| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14659| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14660| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14661| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14662| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14663| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14664| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14665| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14666| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14667| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14668| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14669| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14670| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14671| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14672| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14673| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14674| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14675| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14676| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14677| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14678| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14679| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14680| [9208] Apache Tomcat .jsp Encoded Newline XSS
14681| [9204] Apache Tomcat ROOT Application XSS
14682| [9203] Apache Tomcat examples Application XSS
14683| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14684| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14685| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14686| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14687| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14688| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14689| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14690| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14691| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14692| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14693| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14694| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14695| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14696| [7611] Apache HTTP Server mod_alias Local Overflow
14697| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14698| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14699| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14700| [6882] Apache mod_python Malformed Query String Variant DoS
14701| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14702| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14703| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14704| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14705| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14706| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14707| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14708| [5278] Apache Tomcat web.xml Restriction Bypass
14709| [5051] Apache Tomcat Null Character DoS
14710| [4973] Apache Tomcat servlet Mapping XSS
14711| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14712| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14713| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14714| [4568] mod_survey For Apache ENV Tags SQL Injection
14715| [4553] Apache HTTP Server ApacheBench Overflow DoS
14716| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14717| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14718| [4383] Apache HTTP Server Socket Race Condition DoS
14719| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14720| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14721| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14722| [4231] Apache Cocoon Error Page Server Path Disclosure
14723| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14724| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14725| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14726| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14727| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14728| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14729| [3322] mod_php for Apache HTTP Server Process Hijack
14730| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14731| [2885] Apache mod_python Malformed Query String DoS
14732| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14733| [2733] Apache HTTP Server mod_rewrite Local Overflow
14734| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14735| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14736| [2149] Apache::Gallery Privilege Escalation
14737| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14738| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14739| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14740| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14741| [872] Apache Tomcat Multiple Default Accounts
14742| [862] Apache HTTP Server SSI Error Page XSS
14743| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14744| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14745| [845] Apache Tomcat MSDOS Device XSS
14746| [844] Apache Tomcat Java Servlet Error Page XSS
14747| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14748| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14749| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14750| [775] Apache mod_python Module Importing Privilege Function Execution
14751| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14752| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14753| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14754| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14755| [637] Apache HTTP Server UserDir Directive Username Enumeration
14756| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14757| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14758| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14759| [561] Apache Web Servers mod_status /server-status Information Disclosure
14760| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14761| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14762| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14763| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14764| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14765| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14766| [376] Apache Tomcat contextAdmin Arbitrary File Access
14767| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14768| [222] Apache HTTP Server test-cgi Arbitrary File Access
14769| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14770| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14771|_
445/tcp closed microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.92
14774| vulscan: VulDB - https://vuldb.com:
14775| [141327] Exim up to 4.92.1 Backslash privilege escalation
14776| [138827] Exim up to 4.92 Expansion Code Execution
14777| [135932] Exim up to 4.92 privilege escalation
14778| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14779|
14780| MITRE CVE - https://cve.mitre.org:
14781| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14782| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14783| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14784| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14785| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14786| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14787| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14788| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14789| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14790| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14791| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14792| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14793| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14794| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14795| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14796| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14797|
14798| SecurityFocus - https://www.securityfocus.com/bid/:
14799| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14800| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14801| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14802| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14803| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14804| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14805| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14806| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14807| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14808| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14809| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14810| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14811| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14812| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14813| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14814| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14815| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14816| [17110] sa-exim Unauthorized File Access Vulnerability
14817| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14818| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14819| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14820| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14821| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14822| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14823| [6314] Exim Internet Mailer Format String Vulnerability
14824| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14825| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14826| [2828] Exim Format String Vulnerability
14827| [1859] Exim Buffer Overflow Vulnerability
14828|
14829| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14830| [84758] Exim sender_address parameter command execution
14831| [84015] Exim command execution
14832| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14833| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14834| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14835| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14836| [67455] Exim DKIM processing code execution
14837| [67299] Exim dkim_exim_verify_finish() format string
14838| [65028] Exim open_log privilege escalation
14839| [63967] Exim config file privilege escalation
14840| [63960] Exim header buffer overflow
14841| [59043] Exim mail directory privilege escalation
14842| [59042] Exim MBX symlink
14843| [52922] ikiwiki teximg plugin information disclosure
14844| [34265] Exim spamd buffer overflow
14845| [25286] Sa-exim greylistclean.cron file deletion
14846| [22687] RHSA-2005:025 updates for exim not installed
14847| [18901] Exim dns_build_reverse buffer overflow
14848| [18764] Exim spa_base64_to_bits function buffer overflow
14849| [18763] Exim host_aton buffer overflow
14850| [16079] Exim require_verify buffer overflow
14851| [16077] Exim header_check_syntax buffer overflow
14852| [16075] Exim sender_verify buffer overflow
14853| [13067] Exim HELO or EHLO command heap overflow
14854| [10761] Exim daemon.c format string
14855| [8194] Exim configuration file -c command-line argument buffer overflow
14856| [7738] Exim allows attacker to hide commands in localhost names using pipes
14857| [6671] Exim "
14858| [1893] Exim MTA allows local users to gain root privileges
14859|
14860| Exploit-DB - https://www.exploit-db.com:
14861| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14862| [15725] Exim 4.63 Remote Root Exploit
14863| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14864| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14865| [796] Exim <= 4.42 Local Root Exploit
14866| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14867|
14868| OpenVAS (Nessus) - http://www.openvas.org:
14869| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14870|
14871| SecurityTracker - https://www.securitytracker.com:
14872| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14873| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14874| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14875| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14876| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14877| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14878| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14879| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14880| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14881| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14882| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14883| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14884|
14885| OSVDB - http://www.osvdb.org:
14886| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14887| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14888| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14889| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14890| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14891| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14892| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14893| [70696] Exim log.c open_log() Function Local Privilege Escalation
14894| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14895| [69685] Exim string_format Function Remote Overflow
14896| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14897| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14898| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14899| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14900| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14901| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14902| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14903| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14904| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14905| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14906| [10032] libXpm CreateXImage Function Integer Overflow
14907| [7160] Exim .forward :include: Option Privilege Escalation
14908| [6479] Vexim COOKIE Authentication Credential Disclosure
14909| [6478] Vexim Multiple Parameter SQL Injection
14910| [5930] Exim Parenthesis File Name Filter Bypass
14911| [5897] Exim header_syntax Function Remote Overflow
14912| [5896] Exim sender_verify Function Remote Overflow
14913| [5530] Exim Localhost Name Arbitrary Command Execution
14914| [5330] Exim Configuration File Variable Overflow
14915| [1855] Exim Batched SMTP Mail Header Format String
14916|_
587/tcp open smtp Exim smtpd 4.92
14918| vulscan: VulDB - https://vuldb.com:
14919| [141327] Exim up to 4.92.1 Backslash privilege escalation
14920| [138827] Exim up to 4.92 Expansion Code Execution
14921| [135932] Exim up to 4.92 privilege escalation
14922| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14923|
14924| MITRE CVE - https://cve.mitre.org:
14925| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14926| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14927| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14928| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14929| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14930| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14931| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14932| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14933| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14934| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14935| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14936| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14937| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14938| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14939| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14940| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14941|
15060|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
15063###################################################################################################################################
15064[+] URL: http://www.islam-iea.com/
15065[+] Started: Fri Feb 7 06:31:22 2020
15066
15067Interesting Finding(s):
15068
15069[+] http://www.islam-iea.com/
15070 | Interesting Entry: Server: Apache
15071 | Found By: Headers (Passive Detection)
15072 | Confidence: 100%
15073
15074[+] http://www.islam-iea.com/robots.txt
15075 | Interesting Entries:
15076 | - /wp-admin/
15077 | - /wp-admin/admin-ajax.php
15078 | Found By: Robots Txt (Aggressive Detection)
15079 | Confidence: 100%
15080
15081[+] http://www.islam-iea.com/xmlrpc.php
15082 | Found By: Direct Access (Aggressive Detection)
15083 | Confidence: 100%
15084 | References:
15085 | - http://codex.wordpress.org/XML-RPC_Pingback_API
15086 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
15087 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
15088 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
15089 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
15090
15091[+] http://www.islam-iea.com/readme.html
15092 | Found By: Direct Access (Aggressive Detection)
15093 | Confidence: 100%
15094
15095[+] Upload directory has listing enabled: http://www.islam-iea.com/wp-content/uploads/
15096 | Found By: Direct Access (Aggressive Detection)
15097 | Confidence: 100%
15098
15099[+] http://www.islam-iea.com/wp-cron.php
15100 | Found By: Direct Access (Aggressive Detection)
15101 | Confidence: 60%
15102 | References:
15103 | - https://www.iplocation.net/defend-wordpress-from-ddos
15104 | - https://github.com/wpscanteam/wpscan/issues/1299
15105
15106[+] WordPress version 5.2.5 identified (Latest, released on 2019-12-12).
15107 | Found By: Meta Generator (Passive Detection)
15108 | - http://www.islam-iea.com/, Match: 'WordPress 5.2.5'
15109 | Confirmed By: Rss Generator (Aggressive Detection)
15110 | - http://www.islam-iea.com/feed/, <generator>https://wordpress.org/?v=5.2.5</generator>
15111 | - http://www.islam-iea.com/comments/feed/, <generator>https://wordpress.org/?v=5.2.5</generator>
15112
15113[i] The main theme could not be detected.
15114
15115[+] Enumerating All Plugins (via Passive Methods)
15116
15117[i] No plugins Found.
15118
15119[+] Enumerating Config Backups (via Passive and Aggressive Methods)
15120 Checking Config Backups - Time: 00:00:04 <=============> (21 / 21) 100.00% Time: 00:00:04
15121
15122[i] No Config Backups Found.
15123
15124[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
15125[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
15126
15127[+] Finished: Fri Feb 7 06:32:07 2020
15128[+] Requests Done: 48
15129[+] Cached Requests: 6
15130[+] Data Sent: 11.004 KB
15131[+] Data Received: 879.599 KB
15132[+] Memory used: 144.133 MB
15133[+] Elapsed time: 00:00:44
15134###################################################################################################################################
15135[+] URL: http://www.islam-iea.com/
15136[+] Started: Fri Feb 7 06:31:22 2020
15137
15186[+] Enumerating Users (via Passive and Aggressive Methods)
15187 Brute Forcing Author IDs - Time: 00:00:22 <==> (10 / 10) 100.00% Time: 00:00:22
15188
15189[i] User(s) Identified:
15190
15191[+] admin
15192 | Found By: Wp Json Api (Aggressive Detection)
15193 | - http://www.islam-iea.com/wp-json/wp/v2/users/?per_page=100&page=1
15194 | Confirmed By:
15195 | Rss Generator (Aggressive Detection)
15196 | Login Error Messages (Aggressive Detection)
15197
15198[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
15199[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
15200
15201[+] Finished: Fri Feb 7 06:32:30 2020
15202[+] Requests Done: 44
15203[+] Cached Requests: 7
15204[+] Data Sent: 9.942 KB
15205[+] Data Received: 1.773 MB
15206[+] Memory used: 117.668 MB
15207[+] Elapsed time: 00:01:08
15208################################################################################################################################
15209[+] URL: http://www.islam-iea.com/
15210[+] Started: Fri Feb 7 06:37:15 2020
15211
15260[+] Enumerating Users (via Passive and Aggressive Methods)
15261 Brute Forcing Author IDs - Time: 00:00:10 <============> (10 / 10) 100.00% Time: 00:00:10
15262
15263[i] User(s) Identified:
15264
15265[+] admin
15266 | Found By: Wp Json Api (Aggressive Detection)
15267 | - http://www.islam-iea.com/wp-json/wp/v2/users/?per_page=100&page=1
15268 | Confirmed By:
15269 | Rss Generator (Aggressive Detection)
15270 | Login Error Messages (Aggressive Detection)
15271
15272[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
15273[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
15274
15275[+] Finished: Fri Feb 7 06:37:41 2020
15276[+] Requests Done: 14
15277[+] Cached Requests: 37
15278[+] Data Sent: 3.268 KB
15279[+] Data Received: 32.556 KB
15280[+] Memory used: 118.84 MB
15281[+] Elapsed time: 00:00:25
15282#######################################################################################################################################
15283[INFO] ------TARGET info------
15284[*] TARGET: http://www.islam-iea.com/
15285[*] TARGET IP: 141.105.65.111
15286[INFO] NO load balancer detected for www.islam-iea.com...
15287[*] DNS servers: ns1.afraid.org.
15288[*] TARGET server: Apache
15289[*] CC: RU
15290[*] Country: Russia
15291[*] RegionCode: MOW
15292[*] RegionName: Moscow
15293[*] City: Moscow
15294[*] ASN: AS49335
15295[*] BGP_PREFIX: 141.105.65.0/24
15296[*] ISP: NCONNECT-AS LLC "Server v arendy", RU
15297[INFO] DNS enumeration:
15298[INFO] Possible abuse mails are:
15299[*] abuse@hostkey.com
15300[*] abuse@hostkey.ru
15301[*] abuse@islam-iea.com
15302[*] abuse@www.islam-iea.com
15303[INFO] NO PAC (Proxy Auto Configuration) file FOUND
15304[ALERT] robots.txt file FOUND in http://www.islam-iea.com/robots.txt
15305[INFO] Checking for HTTP status codes recursively from http://www.islam-iea.com/robots.txt
15306[INFO] Status code Folders
15307[*] 200 http://www.islam-iea.com/wp-admin/
15308[INFO] Starting FUZZing in http://www.islam-iea.com/FUzZzZzZzZz...
15309[INFO] Status code Folders
15310[ALERT] Look in the source code. It may contain passwords
15311[INFO] Links found from http://www.islam-iea.com/ http://141.105.65.111/:
15553cut: intervalle de champ incorrecte
15554Saisissez « cut --help » pour plus d'informations.
15555[INFO] Shodan detected the following opened ports on 141.105.65.111:
15556[*] 1
15557[*] 110
15558[*] 143
15559[*] 2082
15560[*] 2083
15561[*] 2086
15562[*] 2087
15563[*] 21
15564[*] 4
15565[*] 443
15566[*] 465
15567[*] 53
15568[*] 587
15569[*] 80
15570[*] 993
15571[*] 995
15572[INFO] ------VirusTotal SECTION------
15573[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
15574[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
15575[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
15576[INFO] ------Alexa Rank SECTION------
15577[INFO] Percent of Visitors Rank in Country:
15578[INFO] Percent of Search Traffic:
15579[INFO] Percent of Unique Visits:
15580[INFO] Total Sites Linking In:
15581[*] Total Sites
15582[INFO] Useful links related to www.islam-iea.com - 141.105.65.111:
15583[*] https://www.virustotal.com/pt/ip-address/141.105.65.111/information/
15584[*] https://www.hybrid-analysis.com/search?host=141.105.65.111
15585[*] https://www.shodan.io/host/141.105.65.111
15586[*] https://www.senderbase.org/lookup/?search_string=141.105.65.111
15587[*] https://www.alienvault.com/open-threat-exchange/ip/141.105.65.111
15588[*] http://pastebin.com/search?q=141.105.65.111
15589[*] http://urlquery.net/search.php?q=141.105.65.111
15590[*] http://www.alexa.com/siteinfo/www.islam-iea.com
15591[*] http://www.google.com/safebrowsing/diagnostic?site=www.islam-iea.com
15592[*] https://censys.io/ipv4/141.105.65.111
15593[*] https://www.abuseipdb.com/check/141.105.65.111
15594[*] https://urlscan.io/search/#141.105.65.111
15595[*] https://github.com/search?q=141.105.65.111&type=Code
15596[INFO] Useful links related to AS49335 - 141.105.65.0/24:
15597[*] http://www.google.com/safebrowsing/diagnostic?site=AS:49335
15598[*] https://www.senderbase.org/lookup/?search_string=141.105.65.0/24
15599[*] http://bgp.he.net/AS49335
15600[*] https://stat.ripe.net/AS49335
15601[INFO] Date: 07/02/20 | Time: 06:39:40
15602[INFO] Total time: 2 minute(s) and 29 second(s)
15603#######################################################################################################################################
15604[-] Target: http://www.islam-iea.com (141.105.65.111)
15605[M] Website Not in HTTPS: http://www.islam-iea.com
15606[I] Server: Apache
15607[L] X-Frame-Options: Not Enforced
15608[I] Strict-Transport-Security: Not Enforced
15609[I] X-Content-Security-Policy: Not Enforced
15610[I] X-Content-Type-Options: Not Enforced
15611[L] Robots.txt Found: http://www.islam-iea.com/robots.txt
15612[I] CMS Detection: WordPress
15613[I] Wordpress Version: 5.2.5
15614[M] EDB-ID: 47720 "WordPress Core 5.3 - User Disclosure"
15615[M] EDB-ID: 47800 "WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service"
15616[I] Wordpress Theme: jarida
15617[-] WordPress usernames identified:
15618[M] admin
15619[M] XML-RPC services are enabled
15620[M] Website vulnerable to XML-RPC Brute Force Vulnerability
15621[I] Autocomplete Off Not Found: http://www.islam-iea.com/wp-login.php
15622[-] Default WordPress Files:
15623[I] http://www.islam-iea.com/license.txt
15624[I] http://www.islam-iea.com/readme.html
15625[I] http://www.islam-iea.com/wp-content/themes/twentyfifteen/genericons/COPYING.txt
15626[I] http://www.islam-iea.com/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
15627[I] http://www.islam-iea.com/wp-content/themes/twentyfifteen/readme.txt
15628[I] http://www.islam-iea.com/wp-content/themes/twentyfourteen/genericons/COPYING.txt
15629[I] http://www.islam-iea.com/wp-content/themes/twentyfourteen/genericons/LICENSE.txt
15630[I] http://www.islam-iea.com/wp-content/themes/twentyfourteen/genericons/README.txt
15631[I] http://www.islam-iea.com/wp-content/themes/twentyfourteen/readme.txt
15632[I] http://www.islam-iea.com/wp-content/themes/twentynineteen/readme.txt
15633[I] http://www.islam-iea.com/wp-content/themes/twentythirteen/genericons/COPYING.txt
15634[I] http://www.islam-iea.com/wp-content/themes/twentythirteen/genericons/LICENSE.txt
15635[I] http://www.islam-iea.com/wp-content/themes/twentythirteen/genericons/README.txt
15636[I] http://www.islam-iea.com/wp-content/themes/twentythirteen/readme.txt
15637[I] http://www.islam-iea.com/wp-includes/ID3/license.commercial.txt
15638[I] http://www.islam-iea.com/wp-includes/ID3/license.txt
15639[I] http://www.islam-iea.com/wp-includes/ID3/readme.txt
15640[I] http://www.islam-iea.com/wp-includes/images/crystal/license.txt
15641[I] http://www.islam-iea.com/wp-includes/js/plupload/license.txt
15642[I] http://www.islam-iea.com/wp-includes/js/swfupload/license.txt
15643[I] http://www.islam-iea.com/wp-includes/js/tinymce/license.txt
15644[-] Searching Wordpress Plugins ...
15645[I] feed
15646[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
15647[I] Checking for Directory Listing Enabled ...
15648[L] http://www.islam-iea.com/wp-admin/css
15649[L] http://www.islam-iea.com/wp-admin/images
15650[L] http://www.islam-iea.com/wp-admin/includes
15651[L] http://www.islam-iea.com/wp-admin/js
15652[L] http://www.islam-iea.com/wp-admin/maint
15653[L] http://www.islam-iea.com/wp-includes
15654[L] http://www.islam-iea.com/wp-includes/ID3
15655[L] http://www.islam-iea.com/wp-includes/IXR
15656[L] http://www.islam-iea.com/wp-includes/Requests
15657[L] http://www.islam-iea.com/wp-includes/SimplePie
15658[L] http://www.islam-iea.com/wp-includes/Text
15659[L] http://www.islam-iea.com/wp-includes/blocks
15660[L] http://www.islam-iea.com/wp-includes/certificates
15661[L] http://www.islam-iea.com/wp-includes/css
15662[L] http://www.islam-iea.com/wp-includes/customize
15663[L] http://www.islam-iea.com/wp-includes/fonts
15664[L] http://www.islam-iea.com/wp-includes/images
15665[L] http://www.islam-iea.com/wp-includes/js
15666[L] http://www.islam-iea.com/wp-includes/pomo
15667[L] http://www.islam-iea.com/wp-includes/random_compat
15668[L] http://www.islam-iea.com/wp-includes/rest-api
15669[L] http://www.islam-iea.com/wp-includes/sodium_compat
15670[L] http://www.islam-iea.com/wp-includes/theme-compat
15671[L] http://www.islam-iea.com/wp-includes/widgets
15672[-] Date & Time: 07/02/2020 06:40:43
15673[-] Completed in: 0:09:27
15674######################################################################################################################################
15675 Anonymous JTSEC #OpISIS Full Recon #46