Dec 06, 2019, 04:31 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.albayraklar.com ISP IHS Telekomunikasyon Ltd
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Unknown Local time 04 Dec 2019 10:03 +03
8City Unknown Postal Code Unknown
9IP Address 94.138.199.135 Latitude 41.021
10 Longitude 28.995
11=======================================================================================================================================
12#######################################################################################################################################
13> www.albayraklar.com
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.albayraklar.com
19Address: 94.138.199.135
20>
21#######################################################################################################################################
22 Domain Name: ALBAYRAKLAR.COM
23 Registry Domain ID: 141559669_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.ihs.com.tr
25 Registrar URL: http://www.ihs.com.tr
26 Updated Date: 2018-10-19T09:32:30Z
27 Creation Date: 2005-02-04T19:03:55Z
28 Registry Expiry Date: 2025-02-04T19:03:55Z
29 Registrar: IHS Telekom, Inc.
30 Registrar IANA ID: 1091
31 Registrar Abuse Contact Email:
32 Registrar Abuse Contact Phone:
33 Domain Status: ok https://icann.org/epp#ok
34 Name Server: NS1.IHSDNSX45.COM
35 Name Server: NS2.IHSDNSX45.COM
36 DNSSEC: unsigned
37#######################################################################################################################################
38Domain Name: ALBAYRAKLAR.COM
39Registry Domain ID: 141559669_DOMAIN_COM-VRSN
40Registrar WHOIS Server: whois.wishnames.com
41Registrar URL: www.ihs.com.tr
42Updated Date: 2018-10-19T09:32:31Z
43Creation Date: 2005-02-04T19:03:55Z
44Registrar Registration Expiration Date: 2025-02-04T19:03:55Z
45Registrar: IHS Telekom, Inc
46Registrar IANA ID: 1091
47Domain Status: OK https://icann.org/epp#OK
48Registry Registrant ID: Not Available From Registry
49Registrant Name: Sertan Aycicek
50Registrant Organization: Sertan Aycicek
51Registrant Street: Oguzhan Caddesi Molla Gurani Mahallesi 9/3
52Registrant City: Istanbul
53Registrant State/Province:
54Registrant Postal Code: 21344
55Registrant Country: TR
56Registrant Phone: +90.5324450966
57Registrant Phone Ext:
58Registrant Fax: +90.
59Registrant Fax Ext:
60Registrant Email: sertanaycicek@gmail.com
61Registry Admin ID: Not Available From Registry
62Admin Name: Sertan Aycicek
63Admin Organization: Sertan Aycicek
64Admin Street: Oguzhan Caddesi Molla Gurani Mahallesi 9/3
65Admin City: Istanbul
66Admin State/Province:
67Admin Postal Code: 21344
68Admin Country: TR
69Admin Phone: +90.5324450966
70Admin Phone Ext:
71Admin Fax: +90.
72Admin Fax Ext:
73Admin Email: sertanaycicek@gmail.com
74Registry Tech ID: Not Available From Registry
75Tech Name: Sertan Aycicek
76Tech Organization: Sertan Aycicek
77Tech Street: Oguzhan Caddesi Molla Gurani Mahallesi 9/3
78Tech City: Istanbul
79Tech State/Province:
80Tech Postal Code: 21344
81Tech Country: TR
82Tech Phone: +90.5324450966
83Tech Phone Ext:
84Tech Fax: +90.
85Tech Fax Ext:
86Tech Email: sertanaycicek@gmail.com
87Name Server: ns1.ihsdnsx45.com
88Name Server: ns2.ihsdnsx45.com
89DNSSEC: Unsigned
90Registrar Abuse Contact Email: abuse@ihs.com.tr
91Registrar Abuse Contact Phone: +902165460056
92#######################################################################################################################################
93[+] Target : www.albayraklar.com
94
95[+] IP Address : 94.138.199.135
96
97[+] Headers :
98
99[+] Date : Wed, 04 Dec 2019 07:09:57 GMT
100[+] Server : Apache
101[+] Last-Modified : Mon, 02 Dec 2019 07:07:14 GMT
102[+] ETag : "cedd-598b33aa87877"
103[+] Accept-Ranges : bytes
104[+] Content-Length : 52957
105[+] X-Powered-By : PleskLin
106[+] Keep-Alive : timeout=5, max=100
107[+] Connection : Keep-Alive
108[+] Content-Type : text/html
109
110[+] SSL Certificate Information :
111
112[+] countryName : CH
113[+] localityName : Schaffhausen
114[+] organizationName : Plesk
115[+] commonName : Plesk
116[+] emailAddress : info@plesk.com
117[+] countryName : CH
118[+] localityName : Schaffhausen
119[+] organizationName : Plesk
120[+] commonName : Plesk
121[+] emailAddress : info@plesk.com
122[+] Version : 1
123[+] Serial Number : 5A326B7E
124[+] Not Before : Dec 14 12:15:58 2017 GMT
125[+] Not After : Dec 14 12:15:58 2018 GMT
126
127[+] Whois Lookup :
128
129[+] NIR : None
130[+] ASN Registry : ripencc
131[+] ASN : 49126
132[+] ASN CIDR : 94.138.199.0/24
133[+] ASN Country Code : TR
134[+] ASN Date : 2009-03-31
135[+] ASN Description : AS49126, TR
136[+] cidr : 94.138.199.0/24
137[+] name : IHS-NET
138[+] handle : BO849-RIPE
139[+] range : 94.138.199.0 - 94.138.199.255
140[+] description : IHS-NET-1
141[+] country : TR
142[+] state : None
143[+] city : None
144[+] address : IHS Telekomunikasyon Ltd
145Kosuyolu Mah. Dinlenc sok. Murtezaoglu Plaza No 11 Floor 2
14634720 Acibadem - Istanbul TR
147[+] postal_code : None
148[+] emails : None
149[+] created : 2010-03-18T15:05:27Z
150[+] updated : 2010-03-19T11:02:37Z
151
152[+] Crawling Target...
153
154[+] Looking for robots.txt........[ Found ]
155[+] Extracting robots Links.......[ 1 ]
156[+] Looking for sitemap.xml.......[ Found ]
157[+] Extracting sitemap Links......[ 6 ]
158[+] Extracting CSS Links..........[ 8 ]
159[+] Extracting Javascript Links...[ 14 ]
160[+] Extracting Internal Links.....[ 0 ]
161[+] Extracting External Links.....[ 8 ]
162[+] Extracting Images.............[ 37 ]
163
164[+] Total Links Extracted : 74
165
166[+] Dumping Links in /opt/FinalRecon/dumps/www.albayraklar.com.dump
167[+] Completed!
168#######################################################################################################################################
169[i] Scanning Site: http://www.albayraklar.com
170
171
172
173B A S I C I N F O
174====================
175
176
177[+] Site Title: Ana Sayfa / ALBAYRAKLAR ŞİRKETLER GRUBU
178[+] IP address: 94.138.199.135
179[+] Web Server: Apache
180[+] CMS: Could Not Detect
181[+] Cloudflare: Not Detected
182[+] Robots File: Found
183
184-------------[ contents ]----------------
185User-agent: *
186Disallow: /cgi-bin
187
188-----------[end of contents]-------------
189
190
191
192W H O I S L O O K U P
193========================
194
195 Domain Name: ALBAYRAKLAR.COM
196 Registry Domain ID: 141559669_DOMAIN_COM-VRSN
197 Registrar WHOIS Server: whois.ihs.com.tr
198 Registrar URL: http://www.ihs.com.tr
199 Updated Date: 2018-10-19T09:32:30Z
200 Creation Date: 2005-02-04T19:03:55Z
201 Registry Expiry Date: 2025-02-04T19:03:55Z
202 Registrar: IHS Telekom, Inc.
203 Registrar IANA ID: 1091
204 Registrar Abuse Contact Email:
205 Registrar Abuse Contact Phone:
206 Domain Status: ok https://icann.org/epp#ok
207 Name Server: NS1.IHSDNSX45.COM
208 Name Server: NS2.IHSDNSX45.COM
209 DNSSEC: unsigned
210 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
211>>> Last update of whois database: 2019-12-04T07:10:23Z <<<
212
213For more information on Whois status codes, please visit https://icann.org/epp
214
215
216
217The Registry database contains ONLY .COM, .NET, .EDU domains and
218Registrars.
219
220
221
222
223G E O I P L O O K U P
224=========================
225
226[i] IP Address: 94.138.199.135
227[i] Country: Turkey
228[i] State:
229[i] City:
230[i] Latitude: 41.0214
231[i] Longitude: 28.9948
232
233
234
235
236H T T P H E A D E R S
237=======================
238
239
240[i] HTTP/1.1 200 OK
241[i] Date: Wed, 04 Dec 2019 07:10:46 GMT
242[i] Server: Apache
243[i] Last-Modified: Mon, 02 Dec 2019 07:07:14 GMT
244[i] ETag: "cedd-598b33aa87877"
245[i] Accept-Ranges: bytes
246[i] Content-Length: 52957
247[i] X-Powered-By: PleskLin
248[i] Connection: close
249[i] Content-Type: text/html
250
251
252
253
254D N S L O O K U P
255===================
256
257albayraklar.com. 21599 IN MX 10 antispam1.ihs.com.tr.
258albayraklar.com. 21599 IN MX 10 antispam2.ihs.com.tr.
259albayraklar.com. 21599 IN TXT "v=spf1 ip4:94.138.192.130/26 ip4:94.138.199.35 mx:antispam1.ihs.com.tr mx:antispam2.ihs.com.tr mx:mail.albayraklar.com ~all"
260albayraklar.com. 21599 IN SOA ns2.ihsdnsx45.com. timucindandin.hotmail.com. 2019110701 10800 3600 604800 10800
261albayraklar.com. 21599 IN NS ns1.ihsdnsx45.com.
262albayraklar.com. 21599 IN NS ns2.ihsdnsx45.com.
263albayraklar.com. 21599 IN A 94.138.199.135
264
265
266
267
268S U B N E T C A L C U L A T I O N
269====================================
270
271Address = 94.138.199.135
272Network = 94.138.199.135 / 32
273Netmask = 255.255.255.255
274Broadcast = not needed on Point-to-Point links
275Wildcard Mask = 0.0.0.0
276Hosts Bits = 0
277Max. Hosts = 1 (2^0 - 0)
278Host Range = { 94.138.199.135 - 94.138.199.135 }
279
280
281
282N M A P P O R T S C A N
283============================
284
285Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-04 07:10 UTC
286Nmap scan report for albayraklar.com (94.138.199.135)
287Host is up (0.12s latency).
288rDNS record for 94.138.199.135: ns1.ihsdnsx45.com
289
290PORT STATE SERVICE
29121/tcp open ftp
29222/tcp filtered ssh
29323/tcp filtered telnet
29480/tcp open http
295110/tcp open pop3
296143/tcp open imap
297443/tcp open https
2983389/tcp filtered ms-wbt-server
299
300Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds
301
302
303
304S U B - D O M A I N F I N D E R
305==================================
306
307
308[i] Total Subdomains Found : 2
309
310[+] Subdomain: mail.albayraklar.com
311[-] IP: 94.138.192.212
312
313[+] Subdomain: www.albayraklar.com
314[-] IP: 94.138.199.135
315
316
317#######################################################################################################################################
318[+] Starting At 2019-12-04 02:10:39.650792
319[+] Collecting Information On: http://www.albayraklar.com/
320[#] Status: 200
321--------------------------------------------------
322[#] Web Server Detected: Apache
323[#] X-Powered-By: PleskLin
324[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
325- Date: Wed, 04 Dec 2019 07:10:40 GMT
326- Server: Apache
327- Last-Modified: Mon, 02 Dec 2019 07:07:14 GMT
328- ETag: "cedd-598b33aa87877"
329- Accept-Ranges: bytes
330- Content-Length: 52957
331- X-Powered-By: PleskLin
332- Keep-Alive: timeout=5, max=100
333- Connection: Keep-Alive
334- Content-Type: text/html
335--------------------------------------------------
336[#] Finding Location..!
337[#] status: success
338[#] country: Turkey
339[#] countryCode: TR
340[#] region: 34
341[#] regionName: Istanbul
342[#] city: Kadıköy
343[#] zip: 34662
344[#] lat: 40.9943
345[#] lon: 29.0547
346[#] timezone: Europe/Istanbul
347[#] isp: IHS
348[#] org: IHS Telekomunikasyon Ltd
349[#] as: AS49126 IHS Telekomunikasyon Ltd
350[#] query: 94.138.199.135
351--------------------------------------------------
352[x] Didn't Detect WAF Presence on: http://www.albayraklar.com/
353--------------------------------------------------
354[#] Starting Reverse DNS
355[-] Failed ! Fail
356--------------------------------------------------
357[!] Scanning Open Port
358[#] 21/tcp open ftp
359[#] 53/tcp open domain
360[#] 80/tcp open http
361[#] 110/tcp open pop3
362[#] 143/tcp open imap
363[#] 443/tcp open https
364[#] 587/tcp open submission
365--------------------------------------------------
366[+] Collecting Information Disclosure!
367[#] Detecting sitemap.xml file
368[!] sitemap.xml File Found: http://www.albayraklar.com//sitemap.xml
369[#] Detecting robots.txt file
370[!] robots.txt File Found: http://www.albayraklar.com//robots.txt
371[#] Detecting GNU Mailman
372[-] GNU Mailman App Not Detected!?
373--------------------------------------------------
374[+] Crawling Url Parameter On: http://www.albayraklar.com/
375--------------------------------------------------
376[#] Searching Html Form !
377[+] Html Form Discovered
378[#] action: https://mobirise.com/
379[#] class: ['mbr-form']
380[#] id: None
381[#] method: post
382--------------------------------------------------
383[!] Found 24 dom parameter
384[#] http://www.albayraklar.com//#top
385[#] http://www.albayraklar.com//#top
386[#] http://www.albayraklar.com//index.html#msg-box5-3
387[#] http://www.albayraklar.com//index.html#msg-box5-4
388[#] http://www.albayraklar.com//index.html#extHeader12-p
389[#] http://www.albayraklar.com//index.html#msg-box8-1n
390[#] http://www.albayraklar.com//index.html#features3-9
391[#] http://www.albayraklar.com//index.html#features3-9
392[#] http://www.albayraklar.com//index.html#header2-18
393[#] http://www.albayraklar.com//index.html#msg-box5-1j
394[#] http://www.albayraklar.com//index.html#msg-box5-1q
395[#] http://www.albayraklar.com//index.html#msg-box5-1b
396[#] http://www.albayraklar.com//index.html#contacts2-i
397[#] http://www.albayraklar.com//#content8-1r
398[#] http://www.albayraklar.com//#header1-1m
399[#] http://www.albayraklar.com//#header2-1k
400[#] http://www.albayraklar.com//#msg-box8-1n
401[#] http://www.albayraklar.com//#content8-o
402[#] http://www.albayraklar.com//#msg-box5-3
403[#] http://www.albayraklar.com//index.html#header2-18
404[#] http://www.albayraklar.com//index.html#extHeader13-6
405[#] http://www.albayraklar.com//index.html#msg-box5-1b
406[#] http://www.albayraklar.com//#extTestimonials5-17
407[#] http://www.albayraklar.com//#extTestimonials5-17
408--------------------------------------------------
409[-] No internal Dynamic Parameter Found!?
410--------------------------------------------------
411[!] 3 External Dynamic Parameter Discovered
412[#] https://fonts.googleapis.com/css?family=Montserrat:400,700
413[#] https://fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
414[#] https://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic&subset=latin
415--------------------------------------------------
416[!] 13 Internal links Discovered
417[+] http://www.albayraklar.com//assets/images/albayrak-logo-letterpress-128x128.png
418[+] http://www.albayraklar.com//assets/tether/tether.min.css
419[+] http://www.albayraklar.com//assets/bootstrap/css/bootstrap.min.css
420[+] http://www.albayraklar.com//assets/animatecss/animate.min.css
421[+] http://www.albayraklar.com//assets/dropdown/css/style.css
422[+] http://www.albayraklar.com//assets/socicon/css/styles.css
423[+] http://www.albayraklar.com//assets/mobirise3-blocks-plugin/css/style.css
424[+] http://www.albayraklar.com//assets/theme/css/style.css
425[+] http://www.albayraklar.com//assets/mobirise/css/mbr-additional.css
426[+] http://www.albayraklar.com//assets/mobirise/css/mbr-additional.css
427[+] http://www.albayraklar.com//mailto:diplomatlar@albayraklar.com
428[+] http://www.albayraklar.com//mailto:ik@albayraklar.com
429[+] http://www.albayraklar.com//mailto:info@albayraklar.com
430--------------------------------------------------
431[!] 9 External links Discovered
432[#] https://mobirise.com/
433[#] https://mobirise.info/v
434[#] http://www.wattozz.com
435[#] http://www.wattozz.com
436[#] https://twitter.com/wattozz
437[#] https://www.facebook.com/adnanalbayrak61/
438[#] https://www.youtube.com/channel/UCw5xXk-FlqHPnC8X9GZZ1Mg
439[#] https://www.instagram.com/wattozzgun/
440[#] https://www.linkedin.com/company/albayraklar/
441--------------------------------------------------
442[#] Mapping Subdomain..
443[!] Found 3 Subdomain
444- albayraklar.com
445- mail.albayraklar.com
446- www.albayraklar.com
447--------------------------------------------------
448[!] Done At 2019-12-04 02:11:25.434226
449#######################################################################################################################################
450[INFO] ------TARGET info------
451[*] TARGET: http://www.albayraklar.com/
452[*] TARGET IP: 94.138.199.135
453[INFO] NO load balancer detected for www.albayraklar.com...
454[*] DNS servers: ns2.ihsdnsx45.com.
455[*] TARGET server: Apache
456[*] CC: TR
457[*] Country: Turkey
458[*] RegionCode: 34
459[*] RegionName: Istanbul
460[*] City: Kadıköy
461[*] ASN: AS49126
462[*] BGP_PREFIX: 94.138.199.0/24
463[*] ISP: AS49126 IHS Telekomunikasyon Ltd, TR
464[INFO] DNS enumeration:
465[*] ftp.albayraklar.com albayraklar.com. 94.138.199.135
466[*] mail.albayraklar.com 94.138.192.212
467[*] webmail.albayraklar.com 94.138.192.212
468[INFO] Possible abuse mails are:
469[*] abuse@albayraklar.com
470[*] abuse@ihs.com.tr
471[*] abuse@www.albayraklar.com
472[INFO] NO PAC (Proxy Auto Configuration) file FOUND
473[ALERT] robots.txt file FOUND in http://www.albayraklar.com/robots.txt
474[INFO] Checking for HTTP status codes recursively from http://www.albayraklar.com/robots.txt
475[INFO] Status code Folders
476[INFO] Starting FUZZing in http://www.albayraklar.com/FUzZzZzZzZz...
477[INFO] Status code Folders
478[ALERT] Look in the source code. It may contain passwords
479[INFO] Links found from http://www.albayraklar.com/ http://94.138.199.135/:
480[*] https://mobirise.com/
481[*] https://mobirise.info/v
482[*] https://plus.google.com/communities/109881979300958500728
483[*] https://support.plesk.com/
484[*] https://talk.plesk.com/
485[*] https://twitter.com/Plesk
486[*] https://twitter.com/wattozz
487[*] https://www.facebook.com/adnanalbayrak61/
488[*] https://www.facebook.com/Plesk
489[*] https://www.google.com/maps/embed/v1/place?key=AIzaSyCy9r70T3NYf3PhvVflTo0_zdif2_IoIYs&q=place_id:ChIJ-35AsTq6yhQRdxCGfQxrIp4
490[*] https://www.instagram.com/wattozzgun/
491[*] https://www.linkedin.com/company/albayraklar/
492[*] https://www.plesk.com/
493[*] https://www.plesk.com/blog/
494[*] https://www.youtube.com/channel/UCw5xXk-FlqHPnC8X9GZZ1Mg
495[*] https://www.youtube.com/embed/fTDcb2nyzJk?rel=0&showinfo=0&autoplay=1&loop=0
496[*] https://www.youtube.com/embed/nQff4nHB4A0?rel=0&showinfo=0&autoplay=1&loop=1&playlist=nQff4nHB4A0
497[*] http://www.albayraklar.com/#content8-1r
498[*] http://www.albayraklar.com/#content8-o
499[*] http://www.albayraklar.com/#extTestimonials5-17
500[*] http://www.albayraklar.com/#header1-1m
501[*] http://www.albayraklar.com/#header2-1k
502[*] http://www.albayraklar.com/index.html#contacts2-i
503[*] http://www.albayraklar.com/index.html#extHeader12-p
504[*] http://www.albayraklar.com/index.html#extHeader13-6
505[*] http://www.albayraklar.com/index.html#features3-9
506[*] http://www.albayraklar.com/index.html#header2-18
507[*] http://www.albayraklar.com/index.html#msg-box5-1b
508[*] http://www.albayraklar.com/index.html#msg-box5-1j
509[*] http://www.albayraklar.com/index.html#msg-box5-1q
510[*] http://www.albayraklar.com/index.html#msg-box5-3
511[*] http://www.albayraklar.com/index.html#msg-box5-4
512[*] http://www.albayraklar.com/index.html#msg-box8-1n
513[*] http://www.albayraklar.com/#msg-box5-3
514[*] http://www.albayraklar.com/#msg-box8-1n
515[*] http://www.albayraklar.com/#top
516[*] http://www.wattozz.com/
517cut: intervalle de champ incorrecte
518Saisissez « cut --help » pour plus d'informations.
519[INFO] Shodan detected the following opened ports on 94.138.199.135:
520[*] 1
521[*] 110
522[*] 143
523[*] 21
524[*] 214
525[*] 25
526[*] 4
527[*] 443
528[*] 53
529[*] 587
530[*] 8
531[*] 80
532[INFO] ------VirusTotal SECTION------
533[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
534[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
535[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
536[INFO] ------Alexa Rank SECTION------
537[INFO] Percent of Visitors Rank in Country:
538[INFO] Percent of Search Traffic:
539[INFO] Percent of Unique Visits:
540[INFO] Total Sites Linking In:
541[*] Total Sites
542[INFO] Useful links related to www.albayraklar.com - 94.138.199.135:
543[*] https://www.virustotal.com/pt/ip-address/94.138.199.135/information/
544[*] https://www.hybrid-analysis.com/search?host=94.138.199.135
545[*] https://www.shodan.io/host/94.138.199.135
546[*] https://www.senderbase.org/lookup/?search_string=94.138.199.135
547[*] https://www.alienvault.com/open-threat-exchange/ip/94.138.199.135
548[*] http://pastebin.com/search?q=94.138.199.135
549[*] http://urlquery.net/search.php?q=94.138.199.135
550[*] http://www.alexa.com/siteinfo/www.albayraklar.com
551[*] http://www.google.com/safebrowsing/diagnostic?site=www.albayraklar.com
552[*] https://censys.io/ipv4/94.138.199.135
553[*] https://www.abuseipdb.com/check/94.138.199.135
554[*] https://urlscan.io/search/#94.138.199.135
555[*] https://github.com/search?q=94.138.199.135&type=Code
556[INFO] Useful links related to AS49126 - 94.138.199.0/24:
557[*] http://www.google.com/safebrowsing/diagnostic?site=AS:49126
558[*] https://www.senderbase.org/lookup/?search_string=94.138.199.0/24
559[*] http://bgp.he.net/AS49126
560[*] https://stat.ripe.net/AS49126
561[INFO] Date: 04/12/19 | Time: 02:13:01
562[INFO] Total time: 2 minute(s) and 16 second(s)
563#######################################################################################################################################
564Trying "albayraklar.com"
565;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58858
566;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 2, ADDITIONAL: 2
567
568;; QUESTION SECTION:
569;albayraklar.com. IN ANY
570
571;; ANSWER SECTION:
572albayraklar.com. 5 IN A 94.138.199.135
573albayraklar.com. 5 IN SOA ns2.ihsdnsx45.com. timucindandin.hotmail.com. 2019110701 10800 3600 604800 10800
574albayraklar.com. 5 IN TXT "v=spf1 ip4:94.138.192.130/26 ip4:94.138.199.35 mx:antispam1.ihs.com.tr mx:antispam2.ihs.com.tr mx:mail.albayraklar.com ~all"
575albayraklar.com. 5 IN MX 10 antispam1.ihs.com.tr.
576albayraklar.com. 5 IN MX 10 antispam2.ihs.com.tr.
577albayraklar.com. 5 IN NS ns2.ihsdnsx45.com.
578albayraklar.com. 5 IN NS ns1.ihsdnsx45.com.
579
580;; AUTHORITY SECTION:
581albayraklar.com. 43200 IN NS ns1.ihsdnsx45.com.
582albayraklar.com. 43200 IN NS ns2.ihsdnsx45.com.
583
584;; ADDITIONAL SECTION:
585ns1.ihsdnsx45.com. 43200 IN A 94.138.199.135
586ns2.ihsdnsx45.com. 43200 IN A 94.138.199.136
587
588Received 411 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 213 ms
589#######################################################################################################################################
590; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace albayraklar.com any
591;; global options: +cmd
592. 83197 IN NS c.root-servers.net.
593. 83197 IN NS f.root-servers.net.
594. 83197 IN NS a.root-servers.net.
595. 83197 IN NS g.root-servers.net.
596. 83197 IN NS d.root-servers.net.
597. 83197 IN NS b.root-servers.net.
598. 83197 IN NS m.root-servers.net.
599. 83197 IN NS e.root-servers.net.
600. 83197 IN NS l.root-servers.net.
601. 83197 IN NS j.root-servers.net.
602. 83197 IN NS k.root-servers.net.
603. 83197 IN NS i.root-servers.net.
604. 83197 IN NS h.root-servers.net.
606;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 311 ms
607
608com. 172800 IN NS l.gtld-servers.net.
609com. 172800 IN NS b.gtld-servers.net.
610com. 172800 IN NS c.gtld-servers.net.
611com. 172800 IN NS d.gtld-servers.net.
612com. 172800 IN NS e.gtld-servers.net.
613com. 172800 IN NS f.gtld-servers.net.
614com. 172800 IN NS g.gtld-servers.net.
615com. 172800 IN NS a.gtld-servers.net.
616com. 172800 IN NS h.gtld-servers.net.
617com. 172800 IN NS i.gtld-servers.net.
618com. 172800 IN NS j.gtld-servers.net.
619com. 172800 IN NS k.gtld-servers.net.
620com. 172800 IN NS m.gtld-servers.net.
621com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
623;; Received 1175 bytes from 192.5.5.241#53(f.root-servers.net) in 254 ms
624
625albayraklar.com. 172800 IN NS ns1.ihsdnsx45.com.
626albayraklar.com. 172800 IN NS ns2.ihsdnsx45.com.
631;; Received 671 bytes from 192.54.112.30#53(h.gtld-servers.net) in 312 ms
632
633albayraklar.com. 86400 IN MX 10 antispam2.ihs.com.tr.
634albayraklar.com. 86400 IN MX 10 antispam1.ihs.com.tr.
635albayraklar.com. 86400 IN TXT "v=spf1 ip4:94.138.192.130/26 ip4:94.138.199.35 mx:antispam1.ihs.com.tr mx:antispam2.ihs.com.tr mx:mail.albayraklar.com ~all"
636albayraklar.com. 86400 IN SOA ns2.ihsdnsx45.com. timucindandin.hotmail.com. 2019110701 10800 3600 604800 10800
637albayraklar.com. 86400 IN NS ns1.ihsdnsx45.com.
638albayraklar.com. 86400 IN NS ns2.ihsdnsx45.com.
639albayraklar.com. 86400 IN A 94.138.199.135
640;; Received 422 bytes from 94.138.199.135#53(ns1.ihsdnsx45.com) in 307 ms
641
642#######################################################################################################################################
643[*] Performing General Enumeration of Domain: albayraklar.com
644[-] DNSSEC is not configured for albayraklar.com
645[*] SOA ns2.ihsdnsx45.com 94.138.199.136
646[*] NS ns2.ihsdnsx45.com 94.138.199.136
647[*] Bind Version for 94.138.199.136 none
648[*] NS ns1.ihsdnsx45.com 94.138.199.135
649[*] Bind Version for 94.138.199.135 none
650[*] MX antispam1.ihs.com.tr 94.138.192.240
651[*] MX antispam2.ihs.com.tr 94.138.192.241
652[*] A albayraklar.com 94.138.199.135
653[*] TXT albayraklar.com v=spf1 ip4:94.138.192.130/26 ip4:94.138.199.35 mx:antispam1.ihs.com.tr mx:antispam2.ihs.com.tr mx:mail.albayraklar.com ~all
654[*] Enumerating SRV Records
655[-] No SRV Records Found for albayraklar.com
656[+] 0 Records Found
657#######################################################################################################################################
658[*] Processing domain albayraklar.com
659[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
660[+] Getting nameservers
66194.138.199.136 - ns2.ihsdnsx45.com
66294.138.199.135 - ns1.ihsdnsx45.com
663[-] Zone transfer failed
664
665[+] TXT records found
666"v=spf1 ip4:94.138.192.130/26 ip4:94.138.199.35 mx:antispam1.ihs.com.tr mx:antispam2.ihs.com.tr mx:mail.albayraklar.com ~all"
667
668[+] MX records found, added to target list
66910 antispam1.ihs.com.tr.
67010 antispam2.ihs.com.tr.
671
672[*] Scanning albayraklar.com for A records
67394.138.199.135 - albayraklar.com
67494.138.199.135 - ftp.albayraklar.com
67591.93.101.8 - panel.albayraklar.com
67694.138.192.212 - webmail.albayraklar.com
67794.138.199.135 - www.albayraklar.com
678#######################################################################################################################################
679Ip Address Status Type Domain Name Server
680---------- ------ ---- ----------- ------
68194.138.199.135 200 alias ftp.albayraklar.com Apache
68294.138.199.135 200 host albayraklar.com Apache
68394.138.192.212 200 host mail.albayraklar.com
68494.138.192.212 200 host webmail.albayraklar.com
68594.138.199.135 200 host www.albayraklar.com Apache
686#######################################################################################################################################
687[+] Testing domain
688 www.albayraklar.com 94.138.199.135
689[+] Dns resolving
690 Domain name Ip address Name server
691 albayraklar.com 94.138.199.135 ns1.ihsdnsx45.com
692Found 1 host(s) for albayraklar.com
693[+] Testing wildcard
694 Ok, no wildcard found.
695
696[+] Scanning for subdomain on albayraklar.com
697[!] Wordlist not specified. I scannig with my internal wordlist...
698 Estimated time about 440.32 seconds
699
700 Subdomain Ip address Name server
701
702 ftp.albayraklar.com 94.138.199.135 ns1.ihsdnsx45.com
703 mail.albayraklar.com 94.138.192.212 mail.ihszimbra21.com
704 webmail.albayraklar.com 94.138.192.212 mail.ihszimbra21.com
705 www.albayraklar.com 94.138.199.135 ns1.ihsdnsx45.com
706
707######################################################################################################################################
708AVAILABLE PLUGINS
709 -----------------
710
711 CertificateInfoPlugin
712 SessionRenegotiationPlugin
713 SessionResumptionPlugin
714 HeartbleedPlugin
715 CompressionPlugin
716 OpenSslCipherSuitesPlugin
717 HttpHeadersPlugin
718 RobotPlugin
719 EarlyDataPlugin
720 OpenSslCcsInjectionPlugin
721 FallbackScsvPlugin
722
723
724
725 CHECKING HOST(S) AVAILABILITY
726 -----------------------------
727
728 94.138.199.135:443 => 94.138.199.135
729
730
731
732
733 SCAN RESULTS FOR 94.138.199.135:443 - 94.138.199.135
734 ----------------------------------------------------
735
736 * SSLV2 Cipher Suites:
737 Server rejected all cipher suites.
738
739 * OpenSSL CCS Injection:
740 OK - Not vulnerable to OpenSSL CCS injection
741
742 * Certificate Information:
743 Content
744 SHA1 Fingerprint: 2149f2e6e37ad91c4cff04a14d070fcc002422c8
745 Common Name: Plesk
746 Issuer: Plesk
747 Serial Number: 1513253758
748 Not Before: 2017-12-14 12:15:58
749 Not After: 2018-12-14 12:15:58
750 Signature Algorithm: sha256
751 Public Key Algorithm: RSA
752 Key Size: 2048
753 Exponent: 65537 (0x10001)
754 DNS Subject Alternative Names: []
755
756 Trust
757 Hostname Validation: FAILED - Certificate does NOT match 94.138.199.135
758 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
759 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
760 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
761 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
762 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
763 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
764 Received Chain: Plesk
765 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
766 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
767 Received Chain Order: OK - Order is valid
768 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
769
770 Extensions
771 OCSP Must-Staple: NOT SUPPORTED - Extension not found
772 Certificate Transparency: NOT SUPPORTED - Extension not found
773
774 OCSP Stapling
775 NOT SUPPORTED - Server did not send back an OCSP response
776
777 * Downgrade Attacks:
778 TLS_FALLBACK_SCSV: OK - Supported
779
780 * ROBOT Attack:
781 OK - Not vulnerable, RSA cipher suites not supported
782
783 * TLSV1_3 Cipher Suites:
784 Server rejected all cipher suites.
785
786 * Session Renegotiation:
787 Client-initiated Renegotiation: OK - Rejected
788 Secure Renegotiation: OK - Supported
789
790 * OpenSSL Heartbleed:
791 OK - Not vulnerable to Heartbleed
792
793 * TLS 1.2 Session Resumption Support:
794 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
795 With TLS Tickets: OK - Supported
796
797 * Deflate Compression:
798 OK - Compression disabled
799
800 * TLSV1_1 Cipher Suites:
801 Server rejected all cipher suites.
802
803 * TLSV1 Cipher Suites:
804 Server rejected all cipher suites.
805
806 * TLSV1_2 Cipher Suites:
807 Forward Secrecy OK - Supported
808 RC4 OK - Not Supported
809
810 Preferred:
811 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
812 Accepted:
813 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
814 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
815
816 * SSLV3 Cipher Suites:
817 Server rejected all cipher suites.
818
819
820 SCAN COMPLETED IN 21.94 S
821 -------------------------
822#######################################################################################################################################
823
824Domains still to check: 1
825 Checking if the hostname albayraklar.com. given is in fact a domain...
826
827Analyzing domain: albayraklar.com.
828 Checking NameServers using system default resolver...
829 IP: 94.138.199.136 (Turkey)
830 HostName: ns2.ihsdnsx45.com Type: NS
831 HostName: ns1.ihsdnsx45.com Type: PTR
832 IP: 94.138.199.135 (Turkey)
833 HostName: ns1.ihsdnsx45.com Type: NS
834 HostName: ns1.ihsdnsx45.com Type: PTR
835
836 Checking MailServers using system default resolver...
837 IP: 94.138.192.240 (Turkey)
838 HostName: antispam1.ihs.com.tr Type: MX
839 HostName: antispam1.ihs.com.tr Type: PTR
840 IP: 94.138.192.241 (Turkey)
841 HostName: antispam2.ihs.com.tr Type: MX
842 HostName: antispam2.ihs.com.tr Type: PTR
843
844 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
845 No zone transfer found on nameserver 94.138.199.135
846 No zone transfer found on nameserver 94.138.199.136
847
848 Checking SPF record...
849 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 94.138.192.130/26, but only the network IP
850 New IP found: 94.138.192.130
851 New IP found: 94.138.199.35
852
853 Checking 192 most common hostnames using system default resolver...
854 IP: 94.138.199.135 (Turkey)
855 HostName: ns1.ihsdnsx45.com Type: NS
856 HostName: ns1.ihsdnsx45.com Type: PTR
857 HostName: www.albayraklar.com. Type: A
858 IP: 94.138.199.135 (Turkey)
859 HostName: ns1.ihsdnsx45.com Type: NS
860 HostName: ns1.ihsdnsx45.com Type: PTR
861 HostName: www.albayraklar.com. Type: A
862 HostName: ftp.albayraklar.com. Type: A
863 IP: 94.138.192.212 (Turkey)
864 HostName: mail.albayraklar.com. Type: A
865 IP: 94.138.192.212 (Turkey)
866 HostName: mail.albayraklar.com. Type: A
867 HostName: webmail.albayraklar.com. Type: A
868 HostName: mail.ihszimbra21.com Type: PTR
869
870 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
871 Checking netblock 94.138.199.0
872 Checking netblock 94.138.192.0
873
874 Searching for albayraklar.com. emails in Google
875 albayraklar@albayraklar.com.
876
877 Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
878 Host 94.138.199.35 is up (reset ttl 64)
879 Host 94.138.192.212 is up (reset ttl 64)
880 Host 94.138.199.135 is up (reset ttl 64)
881 Host 94.138.199.136 is up (reset ttl 64)
882 Host 94.138.192.241 is up (reset ttl 64)
883 Host 94.138.192.240 is up (reset ttl 64)
884 Host 94.138.192.130 is up (reset ttl 64)
885
886 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
887 Scanning ip 94.138.199.35 ():
888 21/tcp open ftp syn-ack ttl 47 ProFTPD
889 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
890 | dns-nsid:
891 |_ bind.version: none
892 | fingerprint-strings:
893 | DNSVersionBindReqTCP:
894 | version
895 | bind
896 |_ none
897 80/tcp open http syn-ack ttl 49 Apache httpd (PleskLin)
898 |_http-server-header: Apache
899 110/tcp open pop3 syn-ack ttl 46 Courier pop3d
900 |_pop3-capabilities: STLS SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) LOGIN-DELAY(10) USER UIDL APOP PIPELINING IMPLEMENTATION(Courier Mail Server) TOP
901 |_ssl-date: 2019-12-04T07:25:33+00:00; -2s from scanner time.
902 143/tcp open imap syn-ack ttl 46 Courier Imapd (released 2015)
903 |_imap-capabilities: AUTH=CRAM-SHA1 ACL2=UNION CHILDREN IMAP4rev1 OK IDLE QUOTA AUTH=CRAM-MD5 STARTTLSA0001 CAPABILITY ACL UIDPLUS THREAD=REFERENCES SORT completed AUTH=PLAIN NAMESPACE AUTH=CRAM-SHA256 THREAD=ORDEREDSUBJECT
904 |_ssl-date: 2019-12-04T07:25:34+00:00; -2s from scanner time.
905 443/tcp open ssl/http syn-ack ttl 47 Apache httpd (PleskLin)
906 | http-methods:
907 |_ Supported Methods: GET HEAD POST OPTIONS
908 |_http-title: Site doesn't have a title (text/html).
909 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
910 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
911 | Public Key type: rsa
912 | Public Key bits: 2048
913 | Signature Algorithm: sha256WithRSAEncryption
914 | Not valid before: 2017-07-21T09:23:10
915 | Not valid after: 2018-07-21T09:23:10
916 | MD5: e033 8a69 359c 5381 762e 96aa bbb9 4f6b
917 |_SHA-1: 58ed 6e50 664e 1ba1 3898 820f 11a3 2f29 9572 b685
918 587/tcp open smtp syn-ack ttl 48 qmail smtpd
919 | smtp-commands: ns1.ihsdnsx42.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
920 |_ qmail home page: http://pobox.com/~djb/qmail.html
921 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
922 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
923 | Public Key type: rsa
924 | Public Key bits: 2048
925 | Signature Algorithm: sha256WithRSAEncryption
926 | Not valid before: 2017-07-21T09:23:10
927 | Not valid after: 2018-07-21T09:23:10
928 | MD5: e033 8a69 359c 5381 762e 96aa bbb9 4f6b
929 |_SHA-1: 58ed 6e50 664e 1ba1 3898 820f 11a3 2f29 9572 b685
930 |_ssl-date: 2019-12-04T07:25:34+00:00; -2s from scanner time.
931 OS Info: Service Info: Hosts: 94.138.199.35, localhost.localdomain; OS: Unix
932 Scanning ip 94.138.192.212 (mail.ihszimbra21.com (PTR)):
933 80/tcp open http syn-ack ttl 47 Zimbra http config
934 110/tcp open pop3 syn-ack ttl 48 Zimbra pop3d
935 |_pop3-capabilities: SASL(PLAIN X-ZIMBRA) TOP USER XOIP STLS IMPLEMENTATION(ZimbraInc) EXPIRE(31 USER) UIDL
936 |_ssl-date: 2019-12-04T07:27:49+00:00; 0s from scanner time.
937 143/tcp open imap syn-ack ttl 49 Zimbra imapd
938 |_imap-capabilities: LOGIN-REFERRALS SASL-IR STARTTLS THREAD=ORDEREDSUBJECT LIST-EXTENDED ESEARCH WITHIN UNSELECT completed LITERAL+ QUOTA AUTH=PLAIN BINARY IDLE XLISTA0001 ENABLE RIGHTS=ektx CONDSTORE CAPABILITY IMAP4rev1 NAMESPACE ACL QRESYNC SORT OK I18NLEVEL=1 ID MULTIAPPEND UIDPLUS SEARCHRES CHILDREN LIST-STATUS ESORT CATENATE
939 |_ssl-date: 2019-12-04T07:27:49+00:00; 0s from scanner time.
940 443/tcp open ssl/http syn-ack ttl 48 Zimbra http config
941 | http-methods:
942 |_ Supported Methods: GET
943 |_http-title: Zimbra Web Client Sign In
944 | ssl-cert: Subject: commonName=mail.ihszimbra21.com
945 | Subject Alternative Name: DNS:mail.ihszimbra21.com
946 | Issuer: commonName=mail.ihszimbra21.com/organizationName=CA
947 | Public Key type: rsa
948 | Public Key bits: 2048
949 | Signature Algorithm: sha256WithRSAEncryption
950 | Not valid before: 2018-07-16T13:36:10
951 | Not valid after: 2023-07-15T13:36:10
952 | MD5: d617 af3f 9f41 98f9 2d8e 2faa 9e7a 72ac
953 |_SHA-1: 6a64 0f7e f010 58a0 94b4 601e d73f 6507 a38f 3048
954 |_ssl-date: 2019-12-04T07:27:48+00:00; 0s from scanner time.
955 587/tcp open smtp syn-ack ttl 48 Postfix smtpd
956 |_smtp-commands: mail.ihszimbra21.com, PIPELINING, SIZE 20480000, VRFY, ETRN, STARTTLS, AUTH LOGIN PLAIN, AUTH=LOGIN PLAIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
957 | ssl-cert: Subject: commonName=mail.ihszimbra21.com
958 | Subject Alternative Name: DNS:mail.ihszimbra21.com
959 | Issuer: commonName=mail.ihszimbra21.com/organizationName=CA
960 | Public Key type: rsa
961 | Public Key bits: 2048
962 | Signature Algorithm: sha256WithRSAEncryption
963 | Not valid before: 2018-07-16T13:36:10
964 | Not valid after: 2023-07-15T13:36:10
965 | MD5: d617 af3f 9f41 98f9 2d8e 2faa 9e7a 72ac
966 |_SHA-1: 6a64 0f7e f010 58a0 94b4 601e d73f 6507 a38f 3048
967 |_ssl-date: TLS randomness does not represent time
968 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
969 OS Info: Service Info: Hosts: mail.ihszimbra21.com, mail.ihszimbra21.com
970 Scanning ip 94.138.199.135 (ftp.albayraklar.com.):
971 21/tcp open ftp syn-ack ttl 47 ProFTPD
972 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
973 | dns-nsid:
974 |_ bind.version: none
975 | fingerprint-strings:
976 | DNSVersionBindReqTCP:
977 | version
978 | bind
979 |_ none
980 80/tcp open http syn-ack ttl 48 Apache httpd (PleskLin)
981 |_http-server-header: Apache
982 110/tcp open pop3 syn-ack ttl 49 Courier pop3d
983 |_pop3-capabilities: TOP LOGIN-DELAY(10) USER UIDL IMPLEMENTATION(Courier Mail Server) STLS SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) APOP PIPELINING
984 143/tcp open imap syn-ack ttl 47 Courier Imapd (released 2017)
985 |_imap-capabilities: THREAD=ORDEREDSUBJECT completed THREAD=REFERENCES AUTH=CRAM-SHA1 AUTH=CRAM-MD5 NAMESPACE AUTH=CRAM-SHA256 QUOTA IMAP4rev1 CAPABILITY SORT CHILDREN IDLE STARTTLSA0001 AUTH=PLAIN OK UIDPLUS ACL ACL2=UNION
986 |_ssl-date: TLS randomness does not represent time
987 443/tcp open ssl/http syn-ack ttl 48 Apache httpd (PleskLin)
988 | http-methods:
989 |_ Supported Methods: POST OPTIONS GET HEAD
990 |_http-server-header: Apache
991 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
992 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
993 | Public Key type: rsa
994 | Public Key bits: 2048
995 | Signature Algorithm: sha256WithRSAEncryption
996 | Not valid before: 2017-12-14T12:15:58
997 | Not valid after: 2018-12-14T12:15:58
998 | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
999 |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1000 587/tcp open smtp syn-ack ttl 48 qmail smtpd
1001 | smtp-commands: ns1.ihsdnsx45.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
1002 |_ qmail home page: http://pobox.com/~djb/qmail.html
1003 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1004 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1005 | Public Key type: rsa
1006 | Public Key bits: 2048
1007 | Signature Algorithm: sha256WithRSAEncryption
1008 | Not valid before: 2017-12-14T12:15:58
1009 | Not valid after: 2018-12-14T12:15:58
1010 | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1011 |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1012 |_ssl-date: TLS randomness does not represent time
1013 OS Info: Service Info: Hosts: 94.138.199.135, localhost.localdomain; OS: Unix
1014 Scanning ip 94.138.199.136 (ns1.ihsdnsx45.com (PTR)):
1015 21/tcp open ftp syn-ack ttl 48 ProFTPD
1016 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
1017 | dns-nsid:
1018 |_ bind.version: none
1019 | fingerprint-strings:
1020 | DNSVersionBindReqTCP:
1021 | version
1022 | bind
1023 |_ none
1024 80/tcp open http syn-ack ttl 48 Apache httpd (PleskLin)
1025 |_http-server-header: Apache
1026 110/tcp open pop3 syn-ack ttl 47 Courier pop3d
1027 |_pop3-capabilities: LOGIN-DELAY(10) UIDL PIPELINING APOP USER SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) STLS IMPLEMENTATION(Courier Mail Server) TOP
1028 |_ssl-date: TLS randomness does not represent time
1029 143/tcp open imap syn-ack ttl 49 Courier Imapd (released 2017)
1030 |_imap-capabilities: completed OK IMAP4rev1 AUTH=CRAM-SHA256 CAPABILITY IDLE UIDPLUS AUTH=CRAM-MD5 ACL ACL2=UNION QUOTA SORT AUTH=CRAM-SHA1 STARTTLSA0001 CHILDREN THREAD=ORDEREDSUBJECT AUTH=PLAIN THREAD=REFERENCES NAMESPACE
1031 |_ssl-date: TLS randomness does not represent time
1032 443/tcp open ssl/http syn-ack ttl 46 Apache httpd (PleskLin)
1033 |_http-server-header: Apache
1034 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1035 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1036 | Public Key type: rsa
1037 | Public Key bits: 2048
1038 | Signature Algorithm: sha256WithRSAEncryption
1039 | Not valid before: 2017-12-14T12:15:58
1040 | Not valid after: 2018-12-14T12:15:58
1041 | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1042 |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1043 587/tcp open smtp syn-ack ttl 48 qmail smtpd
1044 | smtp-commands: ns1.ihsdnsx45.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
1045 |_ qmail home page: http://pobox.com/~djb/qmail.html
1046 | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1047 | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1048 | Public Key type: rsa
1049 | Public Key bits: 2048
1050 | Signature Algorithm: sha256WithRSAEncryption
1051 | Not valid before: 2017-12-14T12:15:58
1052 | Not valid after: 2018-12-14T12:15:58
1053 | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1054 |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1055 |_ssl-date: TLS randomness does not represent time
1056 OS Info: Service Info: Hosts: 94.138.199.136, localhost.localdomain; OS: Unix
1057 Scanning ip 94.138.192.241 (antispam2.ihs.com.tr (PTR)):
1058 Scanning ip 94.138.192.240 (antispam1.ihs.com.tr (PTR)):
1059 Scanning ip 94.138.192.130 ():
1060 80/tcp open http syn-ack ttl 48
1061 | fingerprint-strings:
1062 | FourOhFourRequest:
1063 | HTTP/1.1 404 Not Found
1064 | Date: Wed, 04 Dec 2019 07:33:34 GMT
1065 | Content-Type: text/html;charset=UTF-8
1066 | Content-Language: en-US
1067 | Content-Length: 1325
1068 | <app:skinAndRedirect />
1069 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1070 | <html>
1071 | <head>
1072 | <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
1073 | <title>404 - Not Found</title>
1074 | <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=8.0; user-scalable=1;">
1075 | <meta name="description" content="Zimbra provides open source server and client software for messaging and collaboration. To find out more visit http://www.zimbra.com.">
1076 | <link rel="stylesheet" type="text/css" href="/css/common,login,zhtml,skin.css?skin=&v=130305092149">
1077 | <link rel="SHORTCUT ICON" href="/img/logo/favicon.ico">
1078 | </head>
1079 | <body>
1080 | <p><br><br></p><p><br><br></p>
1081 | <table width="100%"><tr><td align="center">
1082 | <div
1083 | GetRequest:
1084 | HTTP/1.1 200 OK
1085 | Date: Wed, 04 Dec 2019 07:33:31 GMT
1086 | X-Frame-Options: SAMEORIGIN
1087 | Content-Type: text/html;charset=UTF-8
1088 | Content-Language: en-US
1089 | Set-Cookie: ZM_TEST=true
1090 | Vary: User-Agent
1091 | Expires: -1
1092 | Cache-Control: no-store, no-cache, must-revalidate, max-age=0
1093 | Pragma: no-cache
1094 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1095 | <html>
1096 | <head>
1097 | <!--
1098 | login.jsp
1099 | ***** BEGIN LICENSE BLOCK *****
1100 | Zimbra Collaboration Suite Web Client
1101 | Copyright (C) 2007, 2008, 2009, 2010 Zimbra, Inc.
1102 | contents of this file are subject to the Zimbra Public License
1103 | Version 1.3 ("License"); you may not use this file except in
1104 | compliance with the License. You may obtain a copy of the License at
1105 | http://www.zimbra.com/license.
1106 | Software distributed under the License is distributed on an "AS IS"
1107 | basis, WITHOUT WARRANTY OF ANY KIND, eithe
1108 | HTTPOptions:
1109 | HTTP/1.1 200 OK
1110 | Date: Wed, 04 Dec 2019 07:33:32 GMT
1111 | Expires: Tue, 24 Jan 2000 20:46:50 GMT
1112 | Cache-Control: no-store, no-cache, must-revalidate, max-age=0
1113 | Pragma: no-cache
1114 | X-Frame-Options: SAMEORIGIN
1115 | Allow: GET,HEAD,POST,OPTIONS
1116 | Content-Length: 0
1117 | RTSPRequest, X11Probe:
1118 | HTTP/1.1 400 Bad Request
1119 | Content-Length: 0
1120 |_ Connection: close
1121 110/tcp open pop3 syn-ack ttl 48 Zimbra pop3d
1122 |_pop3-capabilities: XOIP USER IMPLEMENTATION(ZimbraInc) EXPIRE(31 USER) STLS TOP SASL(PLAIN X-ZIMBRA) UIDL
1123 |_ssl-date: 2019-12-04T07:36:05+00:00; -1s from scanner time.
1124 143/tcp open imap syn-ack ttl 49 Zimbra imapd
1125 |_imap-capabilities: CATENATE LIST-EXTENDED LIST-STATUS UIDPLUS RIGHTS=ektx LITERAL+ CHILDREN NAMESPACE CONDSTORE ENABLE IMAP4rev1 QRESYNC STARTTLS XLISTA0001 MULTIAPPEND WITHIN SORT SEARCHRES OK LOGIN-REFERRALS ID QUOTA SASL-IR BINARY ACL THREAD=ORDEREDSUBJECT CAPABILITY ESORT IDLE UNSELECT I18NLEVEL=1 completed ESEARCH AUTH=PLAIN
1126 |_ssl-date: 2019-12-04T07:36:06+00:00; 0s from scanner time.
1127 443/tcp open ssl/https? syn-ack ttl 46
1128 |_ssl-date: 2019-12-04T07:36:05+00:00; -1s from scanner time.
1129 587/tcp open smtp syn-ack ttl 47 Postfix smtpd
1130 |_smtp-commands: mail.ihszimbra1.com, PIPELINING, SIZE 204857600, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1131 |_ssl-date: 2019-12-04T07:36:06+00:00; -1s from scanner time.
1132 | sslv2:
1133 | SSLv2 supported
1134 | ciphers:
1135 | SSL2_RC4_128_WITH_MD5
1136 | SSL2_DES_192_EDE3_CBC_WITH_MD5
1137 | SSL2_RC2_128_CBC_WITH_MD5
1138 | SSL2_DES_64_CBC_WITH_MD5
1139 OS Info: Service Info: Hosts: mail.ihszimbra1.com, mail.ihszimbra1.com
1140 WebCrawling domain's web servers... up to 50 max links.
1141
1142 + URL to crawl: http://webmail.albayraklar.com.
1143 + Date: 2019-12-04
1144
1145 + Crawling URL: http://webmail.albayraklar.com.:
1146 + Links:
1147 + Crawling http://webmail.albayraklar.com.
1148 + Crawling http://webmail.albayraklar.com./css/common,login,zhtml,skin.css?skin=harmony&v=181221034225 (File! Not crawling it.)
1149 + Searching for directories...
1150 - Found: http://webmail.albayraklar.com./img/
1151 - Found: http://webmail.albayraklar.com./img/logo/
1152 - Found: http://webmail.albayraklar.com./css/
1153 + Searching open folders...
1154 - http://webmail.albayraklar.com./img/ (403 Forbidden)
1155 - http://webmail.albayraklar.com./img/logo/ (403 Forbidden)
1156 - http://webmail.albayraklar.com./css/ (No Open Folder)
1157
1158
1159 + URL to crawl: http://mail.albayraklar.com.
1160 + Date: 2019-12-04
1161
1162 + Crawling URL: http://mail.albayraklar.com.:
1163 + Links:
1164 + Crawling http://mail.albayraklar.com.
1165 + Crawling http://mail.albayraklar.com./css/common,login,zhtml,skin.css?skin=harmony&v=181221034225 (File! Not crawling it.)
1166 + Searching for directories...
1167 - Found: http://mail.albayraklar.com./img/
1168 - Found: http://mail.albayraklar.com./img/logo/
1169 - Found: http://mail.albayraklar.com./css/
1170 + Searching open folders...
1171 - http://mail.albayraklar.com./img/ (403 Forbidden)
1172 - http://mail.albayraklar.com./img/logo/ (403 Forbidden)
1173 - http://mail.albayraklar.com./css/ (No Open Folder)
1174
1175
1176 + URL to crawl: https://webmail.albayraklar.com.
1177 + Date: 2019-12-04
1178
1179 + Crawling URL: https://webmail.albayraklar.com.:
1180 + Links:
1181 + Crawling https://webmail.albayraklar.com. ([Errno 0] Error)
1182 + Searching for directories...
1183 + Searching open folders...
1184
1185
1186 + URL to crawl: https://mail.albayraklar.com.
1187 + Date: 2019-12-04
1188
1189 + Crawling URL: https://mail.albayraklar.com.:
1190 + Links:
1191 + Crawling https://mail.albayraklar.com. ([Errno 0] Error)
1192 + Searching for directories...
1193 + Searching open folders...
1194
1195
1196 + URL to crawl: http://ns1.ihsdnsx45.com
1197 + Date: 2019-12-04
1198
1199 + Crawling URL: http://ns1.ihsdnsx45.com:
1200 + Links:
1201 + Crawling http://ns1.ihsdnsx45.com
1202 + Searching for directories...
1203 - Found: http://ns1.ihsdnsx45.com/css/
1204 - Found: http://ns1.ihsdnsx45.com/img/
1205 + Searching open folders...
1206 - http://ns1.ihsdnsx45.com/css/ (403 Forbidden)
1207 - http://ns1.ihsdnsx45.com/img/ (403 Forbidden)
1208
1209
1210 + URL to crawl: http://ftp.albayraklar.com.
1211 + Date: 2019-12-04
1212
1213 + Crawling URL: http://ftp.albayraklar.com.:
1214 + Links:
1215 + Crawling http://ftp.albayraklar.com.
1216 + Searching for directories...
1217 - Found: http://ftp.albayraklar.com./css/
1218 - Found: http://ftp.albayraklar.com./img/
1219 + Searching open folders...
1220 - http://ftp.albayraklar.com./css/ (403 Forbidden)
1221 - http://ftp.albayraklar.com./img/ (403 Forbidden)
1222
1223
1224 + URL to crawl: http://www.albayraklar.com.
1225 + Date: 2019-12-04
1226
1227 + Crawling URL: http://www.albayraklar.com.:
1228 + Links:
1229 + Crawling http://www.albayraklar.com.
1230 + Crawling http://www.albayraklar.com./index.html
1231 + Crawling http://www.albayraklar.com./
1232 + Crawling http://www.albayraklar.com./translate.google.com/translate_a/element.js?cb=googleTranslateElementInit (404 Not Found)
1233 + Searching for directories...
1266 + Searching open folders...
1267 - http://www.albayraklar.com./translate.google.com/ (404 Not Found)
1268 - http://www.albayraklar.com./translate.google.com/translate_a/ (404 Not Found)
1269 - http://www.albayraklar.com./assets/ (403 Forbidden)
1270 - http://www.albayraklar.com./assets/images/ (403 Forbidden)
1271 - http://www.albayraklar.com./assets/tether/ (403 Forbidden)
1272 - http://www.albayraklar.com./assets/bootstrap/ (403 Forbidden)
1273 - http://www.albayraklar.com./assets/bootstrap/css/ (403 Forbidden)
1274 - http://www.albayraklar.com./assets/animatecss/ (403 Forbidden)
1275 - http://www.albayraklar.com./assets/dropdown/ (403 Forbidden)
1276 - http://www.albayraklar.com./assets/dropdown/css/ (403 Forbidden)
1277 - http://www.albayraklar.com./assets/socicon/ (403 Forbidden)
1278 - http://www.albayraklar.com./assets/socicon/css/ (403 Forbidden)
1279 - http://www.albayraklar.com./assets/mobirise3-blocks-plugin/ (403 Forbidden)
1280 - http://www.albayraklar.com./assets/mobirise3-blocks-plugin/css/ (403 Forbidden)
1281 - http://www.albayraklar.com./assets/theme/ (403 Forbidden)
1282 - http://www.albayraklar.com./assets/theme/css/ (403 Forbidden)
1283 - http://www.albayraklar.com./assets/mobirise/ (403 Forbidden)
1284 - http://www.albayraklar.com./assets/mobirise/css/ (403 Forbidden)
1285 - http://www.albayraklar.com./assets/web/ (403 Forbidden)
1286 - http://www.albayraklar.com./assets/web/assets/ (403 Forbidden)
1287 - http://www.albayraklar.com./assets/web/assets/jquery/ (403 Forbidden)
1288 - http://www.albayraklar.com./assets/bootstrap/js/ (403 Forbidden)
1289 - http://www.albayraklar.com./assets/touch-swipe/ (403 Forbidden)
1290 - http://www.albayraklar.com./assets/smooth-scroll/ (403 Forbidden)
1291 - http://www.albayraklar.com./assets/jarallax/ (403 Forbidden)
1292 - http://www.albayraklar.com./assets/viewport-checker/ (403 Forbidden)
1293 - http://www.albayraklar.com./assets/jquery-mb-ytplayer/ (403 Forbidden)
1294 - http://www.albayraklar.com./assets/dropdown/js/ (403 Forbidden)
1295 - http://www.albayraklar.com./assets/bootstrap-carousel-swipe/ (403 Forbidden)
1296 - http://www.albayraklar.com./assets/mobirise3-blocks-plugin/js/ (403 Forbidden)
1297 - http://www.albayraklar.com./assets/theme/js/ (403 Forbidden)
1298 - http://www.albayraklar.com./assets/formoid/ (403 Forbidden)
1299 + Crawl finished successfully.
1300----------------------------------------------------------------------
1301Summary of http://http://www.albayraklar.com.
1302----------------------------------------------------------------------
1303+ Links crawled:
1304 - http://www.albayraklar.com.
1305 - http://www.albayraklar.com./
1306 - http://www.albayraklar.com./index.html
1307 - http://www.albayraklar.com./translate.google.com/translate_a/element.js?cb=googleTranslateElementInit (404 Not Found)
1308 Total links crawled: 4
1309
1310+ Links to files found:
1370 Total links to files: 59
1371
1372+ Externals links found:
1387 Total external links: 14
1388
1389+ Email addresses found:
1390 Total email address found: 0
1391
1392+ Directories found:
1425 Total directories: 32
1426
1427+ Directory indexing found:
1428 Total directories with indexing: 0
1429
1430----------------------------------------------------------------------
1431
1432
1433 + URL to crawl: https://ns1.ihsdnsx45.com
1434 + Date: 2019-12-04
1435
1436 + Crawling URL: https://ns1.ihsdnsx45.com:
1437 + Links:
1438 + Crawling https://ns1.ihsdnsx45.com ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1439 + Searching for directories...
1440 + Searching open folders...
1441
1442
1443 + URL to crawl: https://ftp.albayraklar.com.
1444 + Date: 2019-12-04
1445
1446 + Crawling URL: https://ftp.albayraklar.com.:
1447 + Links:
1448 + Crawling https://ftp.albayraklar.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1449 + Searching for directories...
1450 + Searching open folders...
1451
1452
1453 + URL to crawl: https://www.albayraklar.com.
1454 + Date: 2019-12-04
1455
1456 + Crawling URL: https://www.albayraklar.com.:
1457 + Links:
1458 + Crawling https://www.albayraklar.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1459 + Searching for directories...
1460 + Searching open folders...
1461
1462
1463 + URL to crawl: http://ns2.ihsdnsx45.com
1464 + Date: 2019-12-04
1465
1466 + Crawling URL: http://ns2.ihsdnsx45.com:
1467 + Links:
1468 + Crawling http://ns2.ihsdnsx45.com
1469 + Searching for directories...
1470 + Searching open folders...
1471
1472
1473 + URL to crawl: https://ns2.ihsdnsx45.com
1474 + Date: 2019-12-04
1475
1476 + Crawling URL: https://ns2.ihsdnsx45.com:
1477 + Links:
1478 + Crawling https://ns2.ihsdnsx45.com ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1479 + Searching for directories...
1480 + Searching open folders...
1481
1482--Finished--
1483Summary information for domain albayraklar.com.
1484-----------------------------------------
1485 Domain Specific Information:
1486 Email: albayraklar@albayraklar.com.
1487
1488 Domain Ips Information:
1489 IP: 94.138.199.35
1490 Type: SPF
1491 Is Active: True (reset ttl 64)
1492 Port: 21/tcp open ftp syn-ack ttl 47 ProFTPD
1493 Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
1494 Script Info: | dns-nsid:
1495 Script Info: |_ bind.version: none
1496 Script Info: | fingerprint-strings:
1497 Script Info: | DNSVersionBindReqTCP:
1498 Script Info: | version
1499 Script Info: | bind
1500 Script Info: |_ none
1501 Port: 80/tcp open http syn-ack ttl 49 Apache httpd (PleskLin)
1502 Script Info: |_http-server-header: Apache
1503 Port: 110/tcp open pop3 syn-ack ttl 46 Courier pop3d
1504 Script Info: |_pop3-capabilities: STLS SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) LOGIN-DELAY(10) USER UIDL APOP PIPELINING IMPLEMENTATION(Courier Mail Server) TOP
1505 Script Info: |_ssl-date: 2019-12-04T07:25:33+00:00; -2s from scanner time.
1506 Port: 143/tcp open imap syn-ack ttl 46 Courier Imapd (released 2015)
1507 Script Info: |_imap-capabilities: AUTH=CRAM-SHA1 ACL2=UNION CHILDREN IMAP4rev1 OK IDLE QUOTA AUTH=CRAM-MD5 STARTTLSA0001 CAPABILITY ACL UIDPLUS THREAD=REFERENCES SORT completed AUTH=PLAIN NAMESPACE AUTH=CRAM-SHA256 THREAD=ORDEREDSUBJECT
1508 Script Info: |_ssl-date: 2019-12-04T07:25:34+00:00; -2s from scanner time.
1509 Port: 443/tcp open ssl/http syn-ack ttl 47 Apache httpd (PleskLin)
1510 Script Info: | http-methods:
1511 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1512 Script Info: |_http-title: Site doesn't have a title (text/html).
1513 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1514 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1515 Script Info: | Public Key type: rsa
1516 Script Info: | Public Key bits: 2048
1517 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1518 Script Info: | Not valid before: 2017-07-21T09:23:10
1519 Script Info: | Not valid after: 2018-07-21T09:23:10
1520 Script Info: | MD5: e033 8a69 359c 5381 762e 96aa bbb9 4f6b
1521 Script Info: |_SHA-1: 58ed 6e50 664e 1ba1 3898 820f 11a3 2f29 9572 b685
1522 Port: 587/tcp open smtp syn-ack ttl 48 qmail smtpd
1523 Script Info: | smtp-commands: ns1.ihsdnsx42.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
1524 Script Info: |_ qmail home page: http://pobox.com/~djb/qmail.html
1525 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1526 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1527 Script Info: | Public Key type: rsa
1528 Script Info: | Public Key bits: 2048
1529 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1530 Script Info: | Not valid before: 2017-07-21T09:23:10
1531 Script Info: | Not valid after: 2018-07-21T09:23:10
1532 Script Info: | MD5: e033 8a69 359c 5381 762e 96aa bbb9 4f6b
1533 Script Info: |_SHA-1: 58ed 6e50 664e 1ba1 3898 820f 11a3 2f29 9572 b685
1534 Script Info: |_ssl-date: 2019-12-04T07:25:34+00:00; -2s from scanner time.
1535 Os Info: Hosts: 94.138.199.35, localhost.localdomain; OS: Unix
1536 IP: 94.138.192.212
1537 HostName: mail.albayraklar.com. Type: A
1538 HostName: webmail.albayraklar.com. Type: A
1539 HostName: mail.ihszimbra21.com Type: PTR
1540 Country: Turkey
1541 Is Active: True (reset ttl 64)
1542 Port: 80/tcp open http syn-ack ttl 47 Zimbra http config
1543 Port: 110/tcp open pop3 syn-ack ttl 48 Zimbra pop3d
1544 Script Info: |_pop3-capabilities: SASL(PLAIN X-ZIMBRA) TOP USER XOIP STLS IMPLEMENTATION(ZimbraInc) EXPIRE(31 USER) UIDL
1545 Script Info: |_ssl-date: 2019-12-04T07:27:49+00:00; 0s from scanner time.
1546 Port: 143/tcp open imap syn-ack ttl 49 Zimbra imapd
1547 Script Info: |_imap-capabilities: LOGIN-REFERRALS SASL-IR STARTTLS THREAD=ORDEREDSUBJECT LIST-EXTENDED ESEARCH WITHIN UNSELECT completed LITERAL+ QUOTA AUTH=PLAIN BINARY IDLE XLISTA0001 ENABLE RIGHTS=ektx CONDSTORE CAPABILITY IMAP4rev1 NAMESPACE ACL QRESYNC SORT OK I18NLEVEL=1 ID MULTIAPPEND UIDPLUS SEARCHRES CHILDREN LIST-STATUS ESORT CATENATE
1548 Script Info: |_ssl-date: 2019-12-04T07:27:49+00:00; 0s from scanner time.
1549 Port: 443/tcp open ssl/http syn-ack ttl 48 Zimbra http config
1550 Script Info: | http-methods:
1551 Script Info: |_ Supported Methods: GET
1552 Script Info: |_http-title: Zimbra Web Client Sign In
1553 Script Info: | ssl-cert: Subject: commonName=mail.ihszimbra21.com
1554 Script Info: | Subject Alternative Name: DNS:mail.ihszimbra21.com
1555 Script Info: | Issuer: commonName=mail.ihszimbra21.com/organizationName=CA
1556 Script Info: | Public Key type: rsa
1557 Script Info: | Public Key bits: 2048
1558 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1559 Script Info: | Not valid before: 2018-07-16T13:36:10
1560 Script Info: | Not valid after: 2023-07-15T13:36:10
1561 Script Info: | MD5: d617 af3f 9f41 98f9 2d8e 2faa 9e7a 72ac
1562 Script Info: |_SHA-1: 6a64 0f7e f010 58a0 94b4 601e d73f 6507 a38f 3048
1563 Script Info: |_ssl-date: 2019-12-04T07:27:48+00:00; 0s from scanner time.
1564 Port: 587/tcp open smtp syn-ack ttl 48 Postfix smtpd
1565 Script Info: |_smtp-commands: mail.ihszimbra21.com, PIPELINING, SIZE 20480000, VRFY, ETRN, STARTTLS, AUTH LOGIN PLAIN, AUTH=LOGIN PLAIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1566 Script Info: | ssl-cert: Subject: commonName=mail.ihszimbra21.com
1567 Script Info: | Subject Alternative Name: DNS:mail.ihszimbra21.com
1568 Script Info: | Issuer: commonName=mail.ihszimbra21.com/organizationName=CA
1569 Script Info: | Public Key type: rsa
1570 Script Info: | Public Key bits: 2048
1571 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1572 Script Info: | Not valid before: 2018-07-16T13:36:10
1573 Script Info: | Not valid after: 2023-07-15T13:36:10
1574 Script Info: | MD5: d617 af3f 9f41 98f9 2d8e 2faa 9e7a 72ac
1575 Script Info: |_SHA-1: 6a64 0f7e f010 58a0 94b4 601e d73f 6507 a38f 3048
1576 Script Info: |_ssl-date: TLS randomness does not represent time
1577 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
1578 Os Info: Hosts: mail.ihszimbra21.com, mail.ihszimbra21.com
1579 IP: 94.138.199.135
1580 HostName: ns1.ihsdnsx45.com Type: NS
1581 HostName: ns1.ihsdnsx45.com Type: PTR
1582 HostName: www.albayraklar.com. Type: A
1583 HostName: ftp.albayraklar.com. Type: A
1584 Country: Turkey
1585 Is Active: True (reset ttl 64)
1586 Port: 21/tcp open ftp syn-ack ttl 47 ProFTPD
1587 Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
1588 Script Info: | dns-nsid:
1589 Script Info: |_ bind.version: none
1590 Script Info: | fingerprint-strings:
1591 Script Info: | DNSVersionBindReqTCP:
1592 Script Info: | version
1593 Script Info: | bind
1594 Script Info: |_ none
1595 Port: 80/tcp open http syn-ack ttl 48 Apache httpd (PleskLin)
1596 Script Info: |_http-server-header: Apache
1597 Port: 110/tcp open pop3 syn-ack ttl 49 Courier pop3d
1598 Script Info: |_pop3-capabilities: TOP LOGIN-DELAY(10) USER UIDL IMPLEMENTATION(Courier Mail Server) STLS SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) APOP PIPELINING
1599 Port: 143/tcp open imap syn-ack ttl 47 Courier Imapd (released 2017)
1600 Script Info: |_imap-capabilities: THREAD=ORDEREDSUBJECT completed THREAD=REFERENCES AUTH=CRAM-SHA1 AUTH=CRAM-MD5 NAMESPACE AUTH=CRAM-SHA256 QUOTA IMAP4rev1 CAPABILITY SORT CHILDREN IDLE STARTTLSA0001 AUTH=PLAIN OK UIDPLUS ACL ACL2=UNION
1601 Script Info: |_ssl-date: TLS randomness does not represent time
1602 Port: 443/tcp open ssl/http syn-ack ttl 48 Apache httpd (PleskLin)
1603 Script Info: | http-methods:
1604 Script Info: |_ Supported Methods: POST OPTIONS GET HEAD
1605 Script Info: |_http-server-header: Apache
1606 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1607 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1608 Script Info: | Public Key type: rsa
1609 Script Info: | Public Key bits: 2048
1610 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1611 Script Info: | Not valid before: 2017-12-14T12:15:58
1612 Script Info: | Not valid after: 2018-12-14T12:15:58
1613 Script Info: | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1614 Script Info: |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1615 Port: 587/tcp open smtp syn-ack ttl 48 qmail smtpd
1616 Script Info: | smtp-commands: ns1.ihsdnsx45.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
1617 Script Info: |_ qmail home page: http://pobox.com/~djb/qmail.html
1618 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1619 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1620 Script Info: | Public Key type: rsa
1621 Script Info: | Public Key bits: 2048
1622 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1623 Script Info: | Not valid before: 2017-12-14T12:15:58
1624 Script Info: | Not valid after: 2018-12-14T12:15:58
1625 Script Info: | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1626 Script Info: |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1627 Script Info: |_ssl-date: TLS randomness does not represent time
1628 Os Info: Hosts: 94.138.199.135, localhost.localdomain; OS: Unix
1629 IP: 94.138.199.136
1630 HostName: ns2.ihsdnsx45.com Type: NS
1631 HostName: ns1.ihsdnsx45.com Type: PTR
1632 Country: Turkey
1633 Is Active: True (reset ttl 64)
1634 Port: 21/tcp open ftp syn-ack ttl 48 ProFTPD
1635 Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: none)
1636 Script Info: | dns-nsid:
1637 Script Info: |_ bind.version: none
1638 Script Info: | fingerprint-strings:
1639 Script Info: | DNSVersionBindReqTCP:
1640 Script Info: | version
1641 Script Info: | bind
1642 Script Info: |_ none
1643 Port: 80/tcp open http syn-ack ttl 48 Apache httpd (PleskLin)
1644 Script Info: |_http-server-header: Apache
1645 Port: 110/tcp open pop3 syn-ack ttl 47 Courier pop3d
1646 Script Info: |_pop3-capabilities: LOGIN-DELAY(10) UIDL PIPELINING APOP USER SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) STLS IMPLEMENTATION(Courier Mail Server) TOP
1647 Script Info: |_ssl-date: TLS randomness does not represent time
1648 Port: 143/tcp open imap syn-ack ttl 49 Courier Imapd (released 2017)
1649 Script Info: |_imap-capabilities: completed OK IMAP4rev1 AUTH=CRAM-SHA256 CAPABILITY IDLE UIDPLUS AUTH=CRAM-MD5 ACL ACL2=UNION QUOTA SORT AUTH=CRAM-SHA1 STARTTLSA0001 CHILDREN THREAD=ORDEREDSUBJECT AUTH=PLAIN THREAD=REFERENCES NAMESPACE
1650 Script Info: |_ssl-date: TLS randomness does not represent time
1651 Port: 443/tcp open ssl/http syn-ack ttl 46 Apache httpd (PleskLin)
1652 Script Info: |_http-server-header: Apache
1653 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1654 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1655 Script Info: | Public Key type: rsa
1656 Script Info: | Public Key bits: 2048
1657 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1658 Script Info: | Not valid before: 2017-12-14T12:15:58
1659 Script Info: | Not valid after: 2018-12-14T12:15:58
1660 Script Info: | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1661 Script Info: |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1662 Port: 587/tcp open smtp syn-ack ttl 48 qmail smtpd
1663 Script Info: | smtp-commands: ns1.ihsdnsx45.com, AUTH=LOGIN CRAM-MD5 PLAIN, AUTH LOGIN CRAM-MD5 PLAIN, STARTTLS, PIPELINING, 8BITMIME,
1664 Script Info: |_ qmail home page: http://pobox.com/~djb/qmail.html
1665 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Plesk/countryName=CH
1666 Script Info: | Issuer: commonName=Plesk/organizationName=Plesk/countryName=CH
1667 Script Info: | Public Key type: rsa
1668 Script Info: | Public Key bits: 2048
1669 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1670 Script Info: | Not valid before: 2017-12-14T12:15:58
1671 Script Info: | Not valid after: 2018-12-14T12:15:58
1672 Script Info: | MD5: 614a 7bd5 6200 c1f4 f8ba 030c ca30 5c5e
1673 Script Info: |_SHA-1: 2149 f2e6 e37a d91c 4cff 04a1 4d07 0fcc 0024 22c8
1674 Script Info: |_ssl-date: TLS randomness does not represent time
1675 Os Info: Hosts: 94.138.199.136, localhost.localdomain; OS: Unix
1676 IP: 94.138.192.241
1677 HostName: antispam2.ihs.com.tr Type: MX
1678 HostName: antispam2.ihs.com.tr Type: PTR
1679 Country: Turkey
1680 Is Active: True (reset ttl 64)
1681 IP: 94.138.192.240
1682 HostName: antispam1.ihs.com.tr Type: MX
1683 HostName: antispam1.ihs.com.tr Type: PTR
1684 Country: Turkey
1685 Is Active: True (reset ttl 64)
1686 IP: 94.138.192.130
1687 Type: SPF
1688 Is Active: True (reset ttl 64)
1689 Port: 80/tcp open http syn-ack ttl 48
1750 Port: 110/tcp open pop3 syn-ack ttl 48 Zimbra pop3d
1751 Script Info: |_pop3-capabilities: XOIP USER IMPLEMENTATION(ZimbraInc) EXPIRE(31 USER) STLS TOP SASL(PLAIN X-ZIMBRA) UIDL
1752 Script Info: |_ssl-date: 2019-12-04T07:36:05+00:00; -1s from scanner time.
1753 Port: 143/tcp open imap syn-ack ttl 49 Zimbra imapd
1754 Script Info: |_imap-capabilities: CATENATE LIST-EXTENDED LIST-STATUS UIDPLUS RIGHTS=ektx LITERAL+ CHILDREN NAMESPACE CONDSTORE ENABLE IMAP4rev1 QRESYNC STARTTLS XLISTA0001 MULTIAPPEND WITHIN SORT SEARCHRES OK LOGIN-REFERRALS ID QUOTA SASL-IR BINARY ACL THREAD=ORDEREDSUBJECT CAPABILITY ESORT IDLE UNSELECT I18NLEVEL=1 completed ESEARCH AUTH=PLAIN
1755 Script Info: |_ssl-date: 2019-12-04T07:36:06+00:00; 0s from scanner time.
1756 Port: 443/tcp open ssl/https? syn-ack ttl 46
1757 Script Info: |_ssl-date: 2019-12-04T07:36:05+00:00; -1s from scanner time.
1758 Port: 587/tcp open smtp syn-ack ttl 47 Postfix smtpd
1759 Script Info: |_smtp-commands: mail.ihszimbra1.com, PIPELINING, SIZE 204857600, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1760 Script Info: |_ssl-date: 2019-12-04T07:36:06+00:00; -1s from scanner time.
1761 Script Info: | sslv2:
1762 Script Info: | SSLv2 supported
1763 Script Info: | ciphers:
1764 Script Info: | SSL2_RC4_128_WITH_MD5
1765 Script Info: | SSL2_DES_192_EDE3_CBC_WITH_MD5
1766 Script Info: | SSL2_RC2_128_CBC_WITH_MD5
1767 Script Info: | SSL2_DES_64_CBC_WITH_MD5
1768 Os Info: Hosts: mail.ihszimbra1.com, mail.ihszimbra1.com
1769#######################################################################################################################################
traceroute to www.albayraklar.com (94.138.199.135), 30 hops max, 60 byte packets
 1 10.249.204.1 (10.249.204.1) 207.338 ms 207.317 ms 207.295 ms
 2 213.184.122.97 (213.184.122.97) 207.349 ms 207.323 ms 207.299 ms
 3 bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9) 207.155 ms 207.133 ms 207.110 ms
 4 bzq-219-189-185.dsl.bezeqint.net (62.219.189.185) 311.924 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185) 207.052 ms 207.030 ms
 5 bzq-219-189-17.cablep.bezeqint.net (62.219.189.17) 207.054 ms bzq-219-189-86.cablep.bezeqint.net (62.219.189.86) 311.734 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1) 420.316 ms
 6 bzq-161-218.pop.bezeqint.net (212.179.161.218) 420.245 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 252.758 ms bzq-219-189-86.cablep.bezeqint.net (62.219.189.86) 252.662 ms
 7 bzq-161-218.pop.bezeqint.net (212.179.161.218) 252.659 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 252.668 ms bzq-179-124-42.cust.bezeqint.net (212.179.124.42) 252.657 ms
 8 ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 252.727 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 252.642 ms 252.600 ms
 9 et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 252.597 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 252.617 ms 252.606 ms
10 if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 326.517 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 274.937 ms 274.886 ms
11 5.23.0.38 (5.23.0.38) 275.268 ms * 461.955 ms
1782#######################################################################################################################################
----- albayraklar.com -----


Host's addresses:
__________________

albayraklar.com. 86400 IN A 94.138.199.135


Name Servers:
______________

ns2.ihsdnsx45.com. 85985 IN A 94.138.199.136
ns1.ihsdnsx45.com. 86308 IN A 94.138.199.135


Mail (MX) Servers:
___________________

antispam2.ihs.com.tr. 43200 IN A 94.138.192.241
antispam1.ihs.com.tr. 43200 IN A 94.138.192.240



Google Results:
________________

 perhaps Google is blocking our queries.
 Check manually.


Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ftp.albayraklar.com. 86400 IN CNAME albayraklar.com.
albayraklar.com. 86400 IN A 94.138.199.135
mail.albayraklar.com. 86400 IN A 94.138.192.212
webmail.albayraklar.com. 86400 IN A 94.138.192.212
www.albayraklar.com. 86175 IN A 94.138.199.135


Launching Whois Queries:
_________________________

 whois ip result: 94.138.192.0 -> 94.138.192.0/24
 whois ip result: 94.138.199.0 -> 94.138.199.0/24


albayraklar.com_______________

 94.138.199.0/24
 94.138.192.0/24
1835#######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 21:41 EST
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.33s latency).
Not shown: 485 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
587/tcp open submission

Nmap done: 1 IP address (1 host up) scanned in 15.69 seconds
1852#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 21:41 EST
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.32s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 3.85 seconds
1873#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 21:42 EST
NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
NSE: [ftp-brute] passwords: Time limit 10m00s exceeded.
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.38s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 6400 guesses in 601 seconds, average tps: 10.4
| vulscan: VulDB - https://vuldb.com:
| [138380] ProFTPD 1.3.5b mod_copy Code Execution
| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
1922| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
1923| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
1924| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
1925| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
1926| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
1927| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
1928| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
1929| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
1930| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
1931| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
1932| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
1933| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
1934| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
1935| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
1936| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
1937| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
1938| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
1939| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
1940| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
1941| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
1942| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
1943| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
1944| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
1945| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
1946| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
1947| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
1948| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
1949| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
1950|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
| [44562] ProFTPD Multiple Remote Vulnerabilities
| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
| [14381] ProFTPD Shutdown Message Format String Vulnerability
| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
| [12588] GProFTPD GProstats Remote Format String Vulnerability
| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
| [7974] ProFTPD SQL Injection mod_sql Vulnerability
| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
| [3310] ProFTPD Client Hostname Resolving Vulnerability
| [2366] ProFTPD USER Remote Denial of Service Vulnerability
| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
| [812] ProFTPD mod_sqlpw Vulnerability
| [650] ProFTPD snprintf Vulnerability
| [612] ProFTPD Remote Buffer Overflow
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [80980] ProFTPD FTP commands symlink
| [71226] ProFTPD pool code execution
| [65207] ProFTPD mod_sftp module denial of service
| [64495] ProFTPD sql_prepare_where() buffer overflow
| [63658] ProFTPD FTP server backdoor
| [63407] mod_sql module for ProFTPD buffer overflow
| [63155] ProFTPD pr_data_xfer denial of service
| [62909] ProFTPD mod_site_misc directory traversal
| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
| [53936] ProFTPD mod_tls SSL certificate security bypass
| [48951] ProFTPD mod_sql username percent SQL injection
| [48558] ProFTPD NLS support SQL injection protection bypass
| [45274] ProFTPD URL cross-site request forgery
| [33733] ProFTPD Auth API security bypass
| [31461] ProFTPD mod_radius buffer overflow
| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
| [30147] ProFTPD sreplace() buffer overflow
| [21530] ProFTPD mod_sql format string attack
| [21528] ProFTPD shutdown message format string attack
| [19410] GProFTPD file name format string attack
| [18453] ProFTPD SITE CHGRP command allows group ownership modification
| [17724] ProFTPD could allow an attacker to obtain valid accounts
| [16038] ProFTPD CIDR entry ACL bypass
| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
| [12369] ProFTPD mod_sql SQL injection
| [12200] ProFTPD ASCII file newline buffer overflow
| [10932] ProFTPD long PASS command buffer overflow
| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
| [7818] ProFTPD ls "
| [7816] ProFTPD file globbing denial of service
| [7126] ProFTPD fails to resolve hostnames
| [6433] ProFTPD format string
| [6209] proFTPD /var symlink
| [6208] ProFTPD contains configuration error in postinst script when running as root
| [5801] proftpd memory leak when using SIZE or USER commands
| [5737] ProFTPD system using mod_sqlpw unauthorized access
|
| Exploit-DB - https://www.exploit-db.com:
| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
| [16921] ProFTPD-1.3.3c Backdoor Command Execution
| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
| [15449] ProFTPD IAC Remote Root Exploit
| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [900815] ProFTPD Server Remote Version Detection
| [900507] ProFTPD Server SQL Injection Vulnerability
| [900506] ProFTPD Server Version Detection
| [900133] ProFTPD Long Command Handling Security Vulnerability
| [863897] Fedora Update for proftpd FEDORA-2011-15765
| [863633] Fedora Update for proftpd FEDORA-2011-15741
| [863630] Fedora Update for proftpd FEDORA-2011-15740
| [862999] Fedora Update for proftpd FEDORA-2011-5040
| [862992] Fedora Update for proftpd FEDORA-2011-5033
| [862829] Fedora Update for proftpd FEDORA-2011-0613
| [862828] Fedora Update for proftpd FEDORA-2011-0610
| [862658] Fedora Update for proftpd FEDORA-2010-17091
| [862546] Fedora Update for proftpd FEDORA-2010-17220
| [862544] Fedora Update for proftpd FEDORA-2010-17098
| [861120] Fedora Update for proftpd FEDORA-2007-2613
| [831503] Mandriva Update for proftpd MDVSA-2011:181 (proftpd)
| [831323] Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
| [831242] Mandriva Update for proftpd MDVSA-2010:227 (proftpd)
| [830311] Mandriva Update for proftpd MDKSA-2007:130 (proftpd)
| [830197] Mandriva Update for proftpd MDKA-2007:089 (proftpd)
| [801640] ProFTPD Denial of Service Vulnerability
| [801639] ProFTPD Multiple Remote Vulnerabilities
| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
| [100933] ProFTPD Backdoor Unauthorized Access Vulnerability
| [100316] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
| [71967] Slackware Advisory SSA:2012-041-04 proftpd
| [70586] FreeBSD Ports: proftpd, proftpd-mysql
| [70560] Debian Security Advisory DSA 2346-2 (proftpd-dfsg)
| [70559] Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
| [69584] Slackware Advisory SSA:2011-095-01 proftpd
| [69327] Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
| [69322] Debian Security Advisory DSA 2185-1 (proftpd-dfsg)
| [68801] Slackware Advisory SSA:2010-357-02 proftpd
| [68702] FreeBSD Ports: proftpd
| [68697] FreeBSD Ports: proftpd
| [68466] Slackware Advisory SSA:2010-305-03 proftpd
| [66585] Fedora Core 11 FEDORA-2009-13236 (proftpd)
| [66583] Fedora Core 12 FEDORA-2009-13250 (proftpd)
| [66291] Fedora Core 10 FEDORA-2009-11666 (proftpd)
| [66290] Fedora Core 11 FEDORA-2009-11649 (proftpd)
| [66205] Debian Security Advisory DSA 1925-1 (proftpd-dfsg)
| [66091] Mandrake Security Advisory MDVSA-2009:288 (proftpd)
| [64966] Fedora Core 10 FEDORA-2009-9386 (proftpd)
| [63630] FreeBSD Ports: proftpd, proftpd-mysql
| [63573] Debian Security Advisory DSA 1727-1 (proftpd-dfsg)
| [63558] Gentoo Security Advisory GLSA 200903-27 (proftpd)
| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
| [63128] Fedora Core 8 FEDORA-2009-0195 (proftpd)
| [63119] Fedora Core 10 FEDORA-2009-0089 (proftpd)
| [63117] Fedora Core 9 FEDORA-2009-0064 (proftpd)
| [63061] Debian Security Advisory DSA 1689-1 (proftpd-dfsg)
| [61656] FreeBSD Ports: proftpd, proftpd-mysql
| [58019] Gentoo Security Advisory GLSA 200702-02 (proftpd)
| [57939] Gentoo Security Advisory GLSA 200611-26 (proftpd)
| [57786] Debian Security Advisory DSA 1245-1 (proftpd)
| [57725] FreeBSD Ports: proftpd, proftpd-mysql
| [57703] Slackware Advisory SSA:2006-335-02 proftpd
| [57686] Debian Security Advisory DSA 1222-2 (proftpd)
| [57683] Debian Security Advisory DSA 1222-1 (proftpd)
| [57592] Debian Security Advisory DSA 1218-1 (proftpd)
| [57576] FreeBSD Ports: proftpd, proftpd-mysql
| [55234] Debian Security Advisory DSA 795-2 (proftpd)
| [55007] Gentoo Security Advisory GLSA 200508-02 (proftpd)
| [54858] Gentoo Security Advisory GLSA 200502-26 (GProFTPD)
| [54569] Gentoo Security Advisory GLSA 200405-09 (proftpd)
| [54483] FreeBSD Ports: proftpd, proftpd-mysql
| [53882] Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
| [53794] Debian Security Advisory DSA 032-1 (proftpd)
| [53791] Debian Security Advisory DSA 029-1 (proftpd)
| [52532] FreeBSD Ports: proftpd
| [52464] FreeBSD Ports: proftpd
| [15484] proftpd < 1.2.11 remote user enumeration
|
| SecurityTracker - https://www.securitytracker.com:
| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
|
| OSVDB - http://www.osvdb.org:
| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
| [70868] ProFTPD mod_sftp Component SSH Payload DoS
| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
| [57310] ProFTPD Multiple Unspecified Overflows
| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
| [57307] ProFTPD Multiple Modules Unspecified Overflows
| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
| [57305] ProFTPD src/main.c Unspecified Overflow
| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
| [51849] ProFTPD Character Encoding SQL Injection
| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
| [48411] ProFTPD FTP Command Truncation CSRF
| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
| [23063] ProFTPD mod_radius Password Overflow DoS
| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
| [18270] ProFTPD ftpshut Shutdown Message Format String
| [14012] GProftpd gprostats Utility Log Parser Remote Format String
| [10769] ProFTPD File Transfer Newline Character Overflow
| [10768] ProFTPD STAT Command Remote DoS
| [10758] ProFTPD Login Timing Account Name Enumeration
| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
| [7165] ProFTPD USER Command Memory Leak DoS
| [5744] ProFTPD CIDR IP Subnet ACL Bypass
| [5705] ProFTPD Malformed cwd Command Format String
| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:4.4
Aggressive OS guesses: Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 3.10 - 3.12 (89%), Linux 4.4 (89%), Linux 4.9 (89%), Linux 4.0 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: Host: 94.138.199.135; OS: Unix

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 369.92 ms 10.249.204.1
2 370.03 ms 213.184.122.97
3 370.01 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 370.00 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 370.05 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 370.11 ms bzq-219-189-17.cablep.bezeqint.net (62.219.189.17)
7 370.18 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
8 370.17 ms et-0-0-67.cr2-fra2.ip4.gtt.net (141.136.110.54)
9 370.16 ms et-0-0-67.cr2-fra2.ip4.gtt.net (141.136.110.54)
10 217.60 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
11 ... 13
14 430.73 ms ns1.ihsdnsx45.com (94.138.199.135)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 21:53 EST
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.39s latency).

PORT STATE SERVICE VERSION
53/tcp open domain (unknown banner: none)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_ No NSEC records found
| dns-nsec3-enum:
|_ DNSSEC NSEC3 not supported
| dns-nsid:
|_ bind.version: none
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
| bind
|_ none
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=12/5%Time=5DE9C2B3%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x
SF:04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\
SF:0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:4.0
Aggressive OS guesses: Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 4.0 (90%), Linux 4.4 (89%), Linux 4.9 (89%), Linux 3.10 - 3.12 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops

Host script results:
| dns-brute:
| DNS Brute-force hostnames:
| ns1.ihsdnsx45.com - 94.138.199.135
| ns2.ihsdnsx45.com - 94.138.199.136
| mail.ihsdnsx45.com - 94.138.199.136
| www.ihsdnsx45.com - 94.138.199.135
|_ ftp.ihsdnsx45.com - 94.138.199.135

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 331.13 ms 10.249.204.1
2 331.19 ms 213.184.122.97
3 331.18 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 331.24 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5 331.23 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
6 331.25 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
7 331.29 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8 331.29 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
9 331.36 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
10 331.40 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
11 458.92 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
12 ... 13
14 458.66 ms ns1.ihsdnsx45.com (94.138.199.135)
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Fri, 06 Dec 2019 02:54:13 GMT
Server: Apache
Last-Modified: Wed, 31 Jan 2018 00:15:13 GMT
ETag: "e7d-564075f89d955"
Accept-Ranges: bytes
Content-Length: 3709
X-Powered-By: PleskLin
Content-Type: text/html

Allow: POST,OPTIONS,GET,HEAD
#######################################################################################################################################
http://94.138.199.135 [200 OK] Apache, Country[TURKEY][TR], HTML5, HTTPServer[Apache], IP[94.138.199.135], Plesk[Lin], Title[Web Server's Default Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://94.138.199.135...
_________________________________________ SITE INFO _________________________________________
IP Title
94.138.199.135 Web Server's Default Page

__________________________________________ VERSION __________________________________________
Name Versions Type
Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
 2.4.9

_____________________________________________________________________________________________
Time: 79.5 sec Urls: 811 Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 21:55 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:55
Completed NSE at 21:55, 0.00s elapsed
Initiating NSE at 21:55
Completed NSE at 21:55, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 21:55
Completed Parallel DNS resolution of 1 host. at 21:55, 0.02s elapsed
Initiating SYN Stealth Scan at 21:55
Scanning ns1.ihsdnsx45.com (94.138.199.135) [1 port]
Discovered open port 80/tcp on 94.138.199.135
Completed SYN Stealth Scan at 21:55, 0.43s elapsed (1 total ports)
Initiating Service scan at 21:55
Scanning 1 service on ns1.ihsdnsx45.com (94.138.199.135)
Completed Service scan at 21:56, 6.65s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ns1.ihsdnsx45.com (94.138.199.135)
Retrying OS detection (try #2) against ns1.ihsdnsx45.com (94.138.199.135)
Initiating Traceroute at 21:56
Completed Traceroute at 21:56, 3.42s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 21:56
Completed Parallel DNS resolution of 12 hosts. at 21:56, 0.53s elapsed
NSE: Script scanning 94.138.199.135.
Initiating NSE at 21:56
NSE Timing: About 33.68% done; ETC: 21:57 (0:01:01 remaining)
NSE Timing: About 66.90% done; ETC: 21:58 (0:00:42 remaining)
NSE Timing: About 84.14% done; ETC: 21:59 (0:00:30 remaining)
NSE Timing: About 84.25% done; ETC: 22:00 (0:00:36 remaining)
NSE Timing: About 85.27% done; ETC: 22:00 (0:00:40 remaining)
NSE Timing: About 85.08% done; ETC: 22:01 (0:00:48 remaining)
NSE Timing: About 84.62% done; ETC: 22:02 (0:00:59 remaining)
NSE Timing: About 85.05% done; ETC: 22:03 (0:01:07 remaining)
NSE Timing: About 86.05% done; ETC: 22:05 (0:01:13 remaining)
NSE Timing: About 87.09% done; ETC: 22:06 (0:01:18 remaining)
NSE: [http-wordpress-enum 94.138.199.135:80] got no answers from pipelined queries
NSE Timing: About 89.40% done; ETC: 22:07 (0:01:12 remaining)
NSE Timing: About 90.73% done; ETC: 22:08 (0:01:09 remaining)
NSE Timing: About 92.05% done; ETC: 22:09 (0:01:05 remaining)
NSE Timing: About 94.04% done; ETC: 22:10 (0:00:52 remaining)
NSE Timing: About 95.03% done; ETC: 22:11 (0:00:45 remaining)
NSE Timing: About 96.36% done; ETC: 22:12 (0:00:35 remaining)
Completed NSE at 22:17, 1246.38s elapsed
Initiating NSE at 22:17
Completed NSE at 22:17, 8.79s elapsed
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.41s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd (PleskLin)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 24151.49ms; min: 23083.98ms; max: 26629.52ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
|_http-security-headers:
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-traceroute: ERROR: Script execution failed (use -d to debug)
| http-vhosts:
|_127 names had status ERROR
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
2724| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
2725| [113895] Apache Geode up to 1.3.x Code Execution
2726| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
2727| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
2728| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
2729| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
3097| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
3098| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
3099| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
3100| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
3101| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
3452| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3453| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3454| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3455| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3456| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3457| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3458| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3459| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3460| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3461| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3462| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3463| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3464| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3465| [8427] Apache Tomcat Session Transaction weak authentication
3466| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3467| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3468| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3469| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3470| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3471| [63747] Apache Rave up to 0.20 User Account information disclosure
3472| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3473| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3474| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3475| [7687] Apache CXF up to 2.7.2 Token weak authentication
3476| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3477| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3478| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3479| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3762| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3763| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3764| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3765| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3766| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3767| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3768| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3769| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3770| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3771| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3772| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3773| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3774| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3775| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3776| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3777| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3778| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3779| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3780| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3781| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3782| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3783| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3784| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3785| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3786| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3787| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3788| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3789| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3790| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3791| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3792| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3793| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3794| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3795| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3796| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3797| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3798| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3799| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3800| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3801| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3802| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3803| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3804| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3805| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3806| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3807| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3808| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3809| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3810| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3811| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3812| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3813| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3814| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3815| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3816| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3817| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3818| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3819| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3820| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3821| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3822| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3823| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3824| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3825| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3826| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3827| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3828| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3829| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3830| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3831| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3832| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3833| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3834| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3835| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3836| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3837| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3838| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3839| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3840| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3841| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3842| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3843| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3844| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3845| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3846| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3847| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3848| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3849| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3850| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3851| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3957| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3958| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3959| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3960| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3961| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3962| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3963| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3964| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3965| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3966| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3967| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3968| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3969| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3970| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3971| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3972| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3973| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3974| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3975| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3976| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3977| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3978| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3979| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3980| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3981| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3982| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3983| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3984| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3985| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3986| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3987| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3988| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3989| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3990| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3991| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3992| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3993| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3994| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3995| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3996| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3997| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3998| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3999| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
4000| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
4001| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
4002| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
4003| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
4004| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
4005| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
4006| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
4007| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4008| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4009| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
4010| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
4011| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
4012| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
4013| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
4014| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
4015| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
4016| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
4017| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
4018| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
4019| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4020| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4021| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
4022| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
4023| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
4024| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4025| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
4026| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
4027| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
4028| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
4029| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
4030| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
4031| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
4032| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
4033| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4034| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
4035| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
4036| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
4037| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
4038| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
4039| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4040| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4041| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4042| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
4043| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
4044| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
4045| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
4046| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
4047| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4048| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4049| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4050| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4051| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4052| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4053| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4054| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4055| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4056| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4057| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4058| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4059| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4060| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4061| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4062| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4063| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4064| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4065| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4066| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4067| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4068| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4069| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4070| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4071| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4072| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4073| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4074| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4075| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4076| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4077| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4078| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4079| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4080| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4081| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4082| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4083| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4084| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4085| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4086| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4087| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4088| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4089| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4090| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
4091| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4092| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4093| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4094| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4095| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4096| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4097| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4098| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4099| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4100| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4101| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4102| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4103| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4104| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4105| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4106| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4107| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4108| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
4109| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4110| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4111| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
4112| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
4113| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
4114| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
4115| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
4116| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
4117| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4118| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
4119| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
4120| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4121| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
4122| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
4123| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
4124| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
4125| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
4126| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
4127| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
4128| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
4129| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
4130| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
4131| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4132| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4133| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
4134| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
4135| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
4136| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
4137| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
4138| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
4139| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
4140| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
4141| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
4142| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
4143| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
4144| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
4145| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
4146| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
4147| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
4148| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
4149| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
4150| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
4151| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
4152| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
4153| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
4154| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
4155| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
4156| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4157| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4158| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4159| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
4160| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
4161| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
4162| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
4163| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
4164| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
4165| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
4166| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
4167| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
4168| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
4169| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
4170| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
4171| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
4172| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
4173| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
4174| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4175| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4176| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
4177| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
4178| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
4179| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
4180| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
4181| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
4182| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
4183| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
4184| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
4185| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
4186| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
4187| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
4188| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
4189| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
4190| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
4191| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
4192| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
4193| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
4194| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
4195| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
4196| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
4197| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
4198| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
4199| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
4200| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
4201| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4202| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4203| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
4204| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
4205| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
4206| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
4207| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
4208| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
4209| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
4210| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
4211| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
4212| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
4213| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
4214| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
4215| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
4216| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
4217| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
4218| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
4219| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
4220| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
4221| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
4222| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
4223| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
4224| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
4225| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
4226| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
4227| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
4228| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
4229| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
4230| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
4231| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
4232| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
4233| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
4234| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4235| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
4236| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
4237| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
4238| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
4239| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
4240| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
4241| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
4242| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
4243| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
4244| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
4245| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
4246| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
4247| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
4248| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4249| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
4250| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
4251| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
4252| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
4253| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
4254| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
4255| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
4256| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
4257| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
4258| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
4259| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
4260| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
4261| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
4262| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
4263| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
4264| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
4265| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4266| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
4267| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
4268| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
4269| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
4270| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
4271| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
4272| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
4273| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
4274| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
4275| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
4276| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
4277| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
4278| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
4279| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
4280| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
4281| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
4282| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
4283| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
4284| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
4285| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
4286| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
4287| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
4288| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
4289| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
4290| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
4291| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
4292| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
4293| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
4294| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
4295| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4296| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
4297| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
4298| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
4299| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
4300| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
4301| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
4302| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
4303| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
4304| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
4305| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
4306| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
4307| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
4308| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
4309| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
4310| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
4311| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
4312| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
4313| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
4314| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
4315| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
4316| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
4317| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
4318| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
4319| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4320| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
4321| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
4322| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
4323|
4324| SecurityFocus - https://www.securityfocus.com/bid/:
4325| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
4326| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
4327| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
4328| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
4329| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
4330| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
4331| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
4332| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
4333| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
4334| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
4335| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
4336| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
4337| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
4338| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
4339| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
4340| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
4341| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
4342| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
4343| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
4344| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
4345| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
4346| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
4347| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
4348| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4349| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
4350| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
4351| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
4352| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4353| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4354| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4355| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4356| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4357| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
4358| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4359| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4360| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4361| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4362| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4363| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4364| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4365| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4366| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4367| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4368| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4369| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4370| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4371| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4372| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4373| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4374| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4375| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4376| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4377| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4378| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4379| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4380| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4381| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4382| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4383| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4384| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4385| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4386| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4387| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4388| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4389| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4390| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4391| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4392| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4393| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4394| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4395| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4396| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4397| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4398| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4399| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4400| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4401| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4402| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4403| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4404| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4405| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4406| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4407| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4408| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4409| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4410| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4411| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4412| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4413| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4414| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4415| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4416| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4417| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4418| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4419| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4420| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4421| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4422| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4423| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4424| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4425| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4426| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4427| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4428| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4429| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4430| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4431| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4432| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4433| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4434| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4435| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4436| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4437| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4438| [100447] Apache2Triad Multiple Security Vulnerabilities
4439| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4440| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4441| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4442| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4443| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4444| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4445| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4446| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4447| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4448| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4449| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4450| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4451| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4452| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4453| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4454| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4455| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4456| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4457| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4458| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4459| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4460| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4461| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4462| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4463| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4464| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4465| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4466| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4467| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4468| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4469| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4470| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4471| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4472| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4473| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4474| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4475| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4476| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4477| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4478| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
4479| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
4480| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
4481| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4914| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4915| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
5311| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
5312| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
5313| [1457] Apache::ASP source.asp Example Script Vulnerability
5314| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
5315| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
5316|
5317| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
5812| [11695] Apache HTTP Server LF (Line Feed) denial of service
5813| [11694] Apache HTTP Server filestat.c denial of service
5814| [11438] Apache HTTP Server MIME message boundaries information disclosure
5815| [11412] Apache HTTP Server error log terminal escape sequence injection
5816| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5817| [11195] Apache Tomcat web.xml could be used to read files
5818| [11194] Apache Tomcat URL appended with a null character could list directories
5819| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5820| [11126] Apache HTTP Server illegal character file disclosure
5821| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5822| [11124] Apache HTTP Server DOS device name denial of service
5823| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5824| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5825| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5826| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5827| [10499] Apache HTTP Server WebDAV HTTP POST view source
5828| [10457] Apache HTTP Server mod_ssl "
5829| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5830| [10414] Apache HTTP Server htdigest multiple buffer overflows
5831| [10413] Apache HTTP Server htdigest temporary file race condition
5832| [10412] Apache HTTP Server htpasswd temporary file race condition
5833| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5834| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5835| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5836| [10280] Apache HTTP Server shared memory scorecard overwrite
5837| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5838| [10241] Apache HTTP Server Host: header cross-site scripting
5839| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5840| [10208] Apache HTTP Server mod_dav denial of service
5841| [10206] HP VVOS Apache mod_ssl denial of service
5842| [10200] Apache HTTP Server stderr denial of service
5843| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5844| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5845| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5846| [10098] Slapper worm targets OpenSSL/Apache systems
5847| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5848| [9875] Apache HTTP Server .var file request could disclose installation path
5849| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5850| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5851| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5852| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5853| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5854| [9396] Apache Tomcat null character to threads denial of service
5855| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5856| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5857| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5858| [8932] Apache Tomcat example class information disclosure
5859| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5860| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5861| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5862| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5863| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5864| [8400] Apache HTTP Server mod_frontpage buffer overflows
5865| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5866| [8308] Apache "
5867| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5868| [8119] Apache and PHP OPTIONS request reveals "
5869| [8054] Apache is running on the system
5870| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5871| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5872| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5873| [7836] Apache HTTP Server log directory denial of service
5874| [7815] Apache for Windows "
5875| [7810] Apache HTTP request could result in unexpected behavior
5876| [7599] Apache Tomcat reveals installation path
5877| [7494] Apache "
5878| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5879| [7363] Apache Web Server hidden HTTP requests
5880| [7249] Apache mod_proxy denial of service
5881| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5882| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5883| [7059] Apache "
5884| [7057] Apache "
5885| [7056] Apache "
5886| [7055] Apache "
5887| [7054] Apache "
5888| [6997] Apache Jakarta Tomcat error message may reveal information
5889| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5890| [6970] Apache crafted HTTP request could reveal the internal IP address
5891| [6921] Apache long slash path allows directory listing
5892| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5893| [6527] Apache Web Server for Windows and OS2 denial of service
5894| [6316] Apache Jakarta Tomcat may reveal JSP source code
5895| [6305] Apache Jakarta Tomcat directory traversal
5896| [5926] Linux Apache symbolic link
5897| [5659] Apache Web server discloses files when used with php script
5898| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5899| [5204] Apache WebDAV directory listings
5900| [5197] Apache Web server reveals CGI script source code
5901| [5160] Apache Jakarta Tomcat default installation
5902| [5099] Trustix Secure Linux installs Apache with world writable access
5903| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5904| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5905| [4931] Apache source.asp example file allows users to write to files
5906| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5907| [4205] Apache Jakarta Tomcat delivers file contents
5908| [2084] Apache on Debian by default serves the /usr/doc directory
5909| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5910| [697] Apache HTTP server beck exploit
5911| [331] Apache cookies buffer overflow
5912|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
6265| [65136] SLES9: Security update for Apache 2
6266| [65132] SLES9: Security update for apache
6267| [65131] SLES9: Security update for Apache 2 oes/CORE
6268| [65113] SLES9: Security update for apache2
6269| [65072] SLES9: Security update for apache and mod_ssl
6270| [65017] SLES9: Security update for Apache 2
6271| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
6272| [64783] FreeBSD Ports: apache
6273| [64774] Ubuntu USN-802-2 (apache2)
6274| [64653] Ubuntu USN-813-2 (apache2)
6275| [64559] Debian Security Advisory DSA 1834-2 (apache2)
6276| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
6277| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
6278| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
6279| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
6280| [64443] Ubuntu USN-802-1 (apache2)
6281| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
6282| [64423] Debian Security Advisory DSA 1834-1 (apache2)
6283| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
6284| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
6285| [64251] Debian Security Advisory DSA 1816-1 (apache2)
6286| [64201] Ubuntu USN-787-1 (apache2)
6287| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
6288| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
6289| [63565] FreeBSD Ports: apache
6290| [63562] Ubuntu USN-731-1 (apache2)
6291| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
6292| [61185] FreeBSD Ports: apache
6293| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
6294| [60387] Slackware Advisory SSA:2008-045-02 apache
6295| [58826] FreeBSD Ports: apache-tomcat
6296| [58825] FreeBSD Ports: apache-tomcat
6297| [58804] FreeBSD Ports: apache
6298| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
6299| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
6639| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
6640| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
6641| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
6642| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
6643| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
6644| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
6645| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
6646| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
6647| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
6648| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
6649| [94279] Apache Qpid CA Certificate Validation Bypass
6650| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
6651| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
6652| [94042] Apache Axis JAX-WS Java Unspecified Exposure
6653| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
6654| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
6655| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
6656| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6657| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6658| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6659| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6660| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6661| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6662| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6663| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6664| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6665| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6666| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6667| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6668| [93541] Apache Solr json.wrf Callback XSS
6669| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
6670| [93521] Apache jUDDI Security API Token Session Persistence Weakness
6671| [93520] Apache CloudStack Default SSL Key Weakness
6672| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
6673| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
6674| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
6675| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
6676| [93515] Apache HBase table.jsp name Parameter XSS
6677| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
6678| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
6679| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
6680| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
6681| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
6682| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
6683| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
6684| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
6685| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
6686| [93252] Apache Tomcat FORM Authenticator Session Fixation
6687| [93172] Apache Camel camel/endpoints/ Endpoint XSS
6688| [93171] Apache Sling HtmlResponse Error Message XSS
6689| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
6690| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
6691| [93168] Apache Click ErrorReport.java id Parameter XSS
6692| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
6693| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
6694| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
6695| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
6696| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
6697| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
6698| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
6699| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
6700| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
6701| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
6702| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
6703| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
6704| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
6705| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
6706| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
6707| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
6708| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
6709| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
6710| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
6711| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
6712| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
6713| [93144] Apache Solr Admin Command Execution CSRF
6714| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
6715| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
6716| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
6717| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
6718| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
6719| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
6720| [92748] Apache CloudStack VM Console Access Restriction Bypass
6721| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
6722| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
6723| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
6724| [92706] Apache ActiveMQ Debug Log Rendering XSS
6725| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
6726| [92270] Apache Tomcat Unspecified CSRF
6727| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
6728| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
6729| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
6730| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
6731| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
6732| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
6733| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6734| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6735| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6736| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6737| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6738| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6739| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6740| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6741| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6742| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6743| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6744| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6745| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6746| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6747| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6748| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6749| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6750| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6751| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6752| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6753| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6754| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6755| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6756| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6757| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6758| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6759| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6760| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6761| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6762| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6763| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6764| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6765| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6766| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6767| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6768| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6769| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6770| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6771| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6772| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6773| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6774| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6775| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6776| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6777| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6778| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6779| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6780| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6781| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6782| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6783| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6784| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6785| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6786| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6787| [86901] Apache Tomcat Error Message Path Disclosure
6788| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6789| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6790| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6791| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6792| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6793| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6794| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6795| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6796| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6797| [85430] Apache mod_pagespeed Module Unspecified XSS
6798| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6799| [85249] Apache Wicket Unspecified XSS
6800| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6801| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6802| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6803| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6804| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6805| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6806| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6807| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6808| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6809| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6810| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6811| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6812| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6813| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6814| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6815| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6816| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6817| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6818| [83339] Apache Roller Blogger Roll Unspecified XSS
6819| [83270] Apache Roller Unspecified Admin Action CSRF
6820| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6821| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6822| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6823| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6824| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6825| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6826| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6827| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6828| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6829| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6830| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6831| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6832| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6833| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6834| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6835| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6836| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6837| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6838| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6839| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6840| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6841| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
6842| [80300] Apache Wicket wicket:pageMapName Parameter XSS
6843| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
6844| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
6845| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
6846| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
6847| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
6848| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
6849| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
6850| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
6851| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
6852| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
6853| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
6854| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
6855| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
6856| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
6857| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
6858| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
6859| [78331] Apache Tomcat Request Object Recycling Information Disclosure
6860| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
6861| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
6862| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
6863| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
6864| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
6865| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6866| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6867| [77593] Apache Struts Conversion Error OGNL Expression Injection
6868| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6869| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6870| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6871| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6872| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6873| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6874| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6875| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6876| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6877| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6878| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6879| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6880| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6881| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6882| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6883| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6884| [74725] Apache Wicket Multi Window Support Unspecified XSS
6885| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6886| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6887| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6888| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6889| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6890| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6891| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6892| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6893| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6894| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6895| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6896| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6897| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6898| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6899| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6900| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6901| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6902| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6903| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6904| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6905| [73154] Apache Archiva Multiple Unspecified CSRF
6906| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6907| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6908| [72238] Apache Struts Action / Method Names <
6909| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6910| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6911| [71557] Apache Tomcat HTML Manager Multiple XSS
6912| [71075] Apache Archiva User Management Page XSS
6913| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6914| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6915| [70924] Apache Continuum Multiple Admin Function CSRF
6916| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6917| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6918| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
6919| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
6920| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
6921| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
6922| [69520] Apache Archiva Administrator Credential Manipulation CSRF
6923| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
6924| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
6925| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
6926| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
6927| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
6928| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
6929| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
6930| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
6931| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
6932| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
6933| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
6934| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
6935| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
6936| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
6937| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
6938| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
6939| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
6940| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
7377| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7378| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7379| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7380| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7381| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7382| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7383| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7384| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7385| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7386| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7387| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7388| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7389| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7390| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7391| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7392| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7393| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7394| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7395| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7396| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7397| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7398| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7399| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7400| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7401| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7402| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7403| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7404| [13304] Apache Tomcat realPath.jsp Path Disclosure
7405| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7406| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7407| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7408| [12848] Apache HTTP Server htdigest realm Variable Overflow
7409| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7410| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7411| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7412| [12557] Apache HTTP Server prefork MPM accept Error DoS
7413| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7414| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7415| [12231] Apache Tomcat web.xml Arbitrary File Access
7416| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7417| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7418| [12178] Apache Jakarta Lucene results.jsp XSS
7419| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7420| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7421| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7422| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7423| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7424| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7425| [10471] Apache Xerces-C++ XML Parser DoS
7426| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7427| [10068] Apache HTTP Server htpasswd Local Overflow
7428| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7429| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7430| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7431| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7432| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7433| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7434| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7435| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7436| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7437| [9714] Apache Authentication Module Threaded MPM DoS
7438| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7439| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7440| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7441| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7442| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7443| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7444| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7445| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7446| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7447| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7448| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7449| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7450| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7451| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7452| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7453| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7454| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7455| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7456| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7457| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7458| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7459| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7460| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7461| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7462| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7463| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7464| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7465| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7466| [9208] Apache Tomcat .jsp Encoded Newline XSS
7467| [9204] Apache Tomcat ROOT Application XSS
7468| [9203] Apache Tomcat examples Application XSS
7469| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7470| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7471| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7472| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7473| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7474| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7475| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7476| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7477| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7478| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7479| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7480| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7481| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7482| [7611] Apache HTTP Server mod_alias Local Overflow
7483| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7484| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7485| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7486| [6882] Apache mod_python Malformed Query String Variant DoS
7487| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7488| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7489| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7490| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7491| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7492| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7493| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7494| [5278] Apache Tomcat web.xml Restriction Bypass
7495| [5051] Apache Tomcat Null Character DoS
7496| [4973] Apache Tomcat servlet Mapping XSS
7497| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7498| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7499| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7500| [4568] mod_survey For Apache ENV Tags SQL Injection
7501| [4553] Apache HTTP Server ApacheBench Overflow DoS
7502| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7503| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7504| [4383] Apache HTTP Server Socket Race Condition DoS
7505| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7506| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7507| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7508| [4231] Apache Cocoon Error Page Server Path Disclosure
7509| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7510| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7511| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7512| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7513| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7514| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7515| [3322] mod_php for Apache HTTP Server Process Hijack
7516| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7517| [2885] Apache mod_python Malformed Query String DoS
7518| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7519| [2733] Apache HTTP Server mod_rewrite Local Overflow
7520| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7521| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7522| [2149] Apache::Gallery Privilege Escalation
7523| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7524| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7525| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7526| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7527| [872] Apache Tomcat Multiple Default Accounts
7528| [862] Apache HTTP Server SSI Error Page XSS
7529| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7530| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7531| [845] Apache Tomcat MSDOS Device XSS
7532| [844] Apache Tomcat Java Servlet Error Page XSS
7533| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7534| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7535| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7536| [775] Apache mod_python Module Importing Privilege Function Execution
7537| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7538| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7539| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7540| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7541| [637] Apache HTTP Server UserDir Directive Username Enumeration
7542| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7543| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7544| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7545| [561] Apache Web Servers mod_status /server-status Information Disclosure
7546| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7547| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7548| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7549| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7550| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7551| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7552| [376] Apache Tomcat contextAdmin Arbitrary File Access
7553| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7554| [222] Apache HTTP Server test-cgi Arbitrary File Access
7555| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7556| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7557|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.0
Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 4.0 (90%), Linux 4.4 (89%), Linux 3.10 - 3.12 (87%), Linux 3.10 (86%), Linux 4.9 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 37.156 days (since Tue Oct 29 19:32:49 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 410.60 ms 10.249.204.1
2 410.66 ms 213.184.122.97
3 410.64 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 410.66 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 410.68 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
6 410.70 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
7 410.72 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
8 410.74 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
9 410.76 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
10 410.81 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
11 ...
12 458.78 ms 5.23.0.38
13 458.80 ms host-91-93-194-138.reverse.superonline.net (91.93.194.138)
14 458.80 ms ns1.ihsdnsx45.com (94.138.199.135)

NSE: Script Post-scanning.
Initiating NSE at 22:17
Completed NSE at 22:17, 0.00s elapsed
Initiating NSE at 22:17
Completed NSE at 22:17, 0.00s elapsed
7591#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 22:17 EST
NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
NSE: [pop3-brute] passwords: Time limit 10m00s exceeded.
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.39s latency).

PORT STATE SERVICE VERSION
110/tcp open pop3 Courier pop3d
7601| pop3-brute:
7602| Accounts: No valid accounts found
7603|_ Statistics: Performed 7264 guesses in 601 seconds, average tps: 11.8
7604|_pop3-capabilities: TOP STLS USER UIDL IMPLEMENTATION(Courier Mail Server) PIPELINING APOP LOGIN-DELAY(10) SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN)
7605| vulscan: VulDB - https://vuldb.com:
7606| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
7607| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
7608| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
7609| [50725] e-Courier CMS cross site scripting
7610| [46287] Pre Courier and Cargo Business unknown vulnerability
7611| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
7612| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
7613|
7614| MITRE CVE - https://cve.mitre.org:
7615| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7616| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
7617| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
7618| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
7619| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
7620| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
7621| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
7622| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
7623| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
7624| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
7625| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
7626| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7627| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
7628| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
7629| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7630| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
7631| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
7632| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
7633| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
7634| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
7635| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
7636| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
7637| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
7638| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
7639| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
7640| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
7641| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7642|
7643| SecurityFocus - https://www.securityfocus.com/bid/:
7644| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
7645| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
7646| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
7647| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
7648| [39838] tpop3d Remote Denial of Service Vulnerability
7649| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
7650| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
7651| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
7652| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
7653| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
7654| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
7655| [15771] Courier Mail Server Unauthorized Access Vulnerability
7656| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
7657| [10976] Courier-IMAP Remote Format String Vulnerability
7658| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
7659| [8495] akpop3d User Name SQL Injection Vulnerability
7660| [8473] Vpop3d Remote Denial Of Service Vulnerability
7661| [6738] Courier-IMAP Username SQL Injection Vulnerability
7662| [6189] Courier SqWebMail File Disclosure Vulnerability
7663| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
7664| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
7665| [3990] ZPop3D Bad Login Logging Failure Vulnerability
7666| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
7667|
7668| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7669| [54180] e-Courier CMS multiple scripts cross-site scripting
7670| [54143] e-Courier CMS index.asp cross-site scripting
7671| [47494] Courier Authentication Library Postgres SQL injection
7672| [47436] PRE COURIER &
7673| [43628] Novell OpenSUSE courier-authlib SQL injection
7674| [42950] Courier authentication library username SQL injection
7675| [33805] Gentoo Courier-IMAP command execution
7676| [26998] Courier Mail Server libs/comverp.c usernames denial of service
7677| [26578] Cyrus IMAP pop3d buffer overflow
7678| [23532] Courier Mail Server authentication daemon allows deactivated account access
7679| [21565] Courier Mail Server rfc1035/spf.c denial of service
7680| [17034] Courier-IMAP auth_debug format string attack
7681| [15434] Courier Japanese codeset converter buffer overflow
7682| [13018] akpop3d authentication code SQL injection
7683| [11213] Courier-IMAP authpgsqllib username SQL injection
7684| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
7685| [9228] Courier MTA long year denial of service
7686| [7345] Slackware Linux imapd and ipop3d core dump
7687| [6269] imap, ipop2d and ipop3d buffer overflows
7688| [5923] Linuxconf vpop3d symbolic link
7689| [4918] IPOP3D, Buffer overflow attack
7690| [1560] IPOP3D, user login successful
7691| [1559] IPOP3D user login to remote host successful
7692| [1525] IPOP3D, user logout
7693| [1524] IPOP3D, user auto-logout
7694| [1523] IPOP3D, user login failure
7695| [1522] IPOP3D, brute force attack
7696| [1521] IPOP3D, user kiss of death logout
7697| [418] pop3d mktemp creates insecure temporary files
7698|
7699| Exploit-DB - https://www.exploit-db.com:
7700| [23053] Vpop3d Remote Denial of Service Vulnerability
7701| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
7702| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7703| [11893] tPop3d 1.5.3 DoS
7704| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7705| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7706| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7707| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
7708|
7709| OpenVAS (Nessus) - http://www.openvas.org:
7710| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
7711| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
7712| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
7713| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
7714| [61192] FreeBSD Ports: courier-authlib
7715| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
7716| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
7717| [57001] Debian Security Advisory DSA 1101-1 (courier)
7718| [55972] Debian Security Advisory DSA 917-1 (courier)
7719| [55421] Debian Security Advisory DSA 820-1 (courier)
7720| [55204] Debian Security Advisory DSA 793-1 (courier)
7721| [55165] Debian Security Advisory DSA 784-1 (courier)
7722| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
7723| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
7724| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
7725| [53589] Debian Security Advisory DSA 247-1 (courier)
7726| [53441] Debian Security Advisory DSA 197-1 (courier)
7727| [53222] Debian Security Advisory DSA 533-1 (courier)
7728| [52431] FreeBSD Ports: courier
7729| [52418] FreeBSD Ports: courier-imap
7730|
7731| SecurityTracker - https://www.securitytracker.com:
7732| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
7733| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
7734| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
7735| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
7736| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
7737| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
7738| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
7739|
7740| OSVDB - http://www.osvdb.org:
7741| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
7742| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
7743| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
7744| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
7745| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
7746| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
7747| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
7748| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
7749| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
7750| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
7751| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
7752| [47516] openSUSE courier-authlib Unspecified SQL Injection
7753| [46049] Courier Authentication Library Username SQL Injection
7754| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
7755| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
7756| [26232] Courier Mail Server Crafted Username Encoding DoS
7757| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7758| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
7759| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
7760| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
7761| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
7762| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7763| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
7764| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
7765| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
7766| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
7767| [5857] Linux pop3d Arbitrary Mail File Access
7768| [5052] Double Precision Courier MTA Invalid Year DoS
7769| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
7770| [2471] akpop3d username SQL Injection
7771|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4
Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.10 (88%), Linux 3.10 - 3.12 (87%), Linux 4.4 (87%), Linux 4.9 (87%), Linux 4.0 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: Host: localhost.localdomain

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 320.98 ms 10.249.204.1
2 321.06 ms 213.184.122.97
3 321.05 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 321.05 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 321.12 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 321.11 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
7 321.20 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8 321.19 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
9 321.25 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
10 321.29 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
11 458.99 ms 5.23.0.38
12 459.07 ms host-91-93-194-138.reverse.superonline.net (91.93.194.138)
13 459.09 ms host-91-93-194-138.reverse.superonline.net (91.93.194.138)
14 458.80 ms ns1.ihsdnsx45.com (94.138.199.135)
#######################################################################################################################################
https://94.138.199.135 [200 OK] Apache, Country[TURKEY][TR], HTML5, HTTPServer[Apache], IP[94.138.199.135], Plesk[Lin], Title[Web Server's Default Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 94.138.199.135

Testing SSL server 94.138.199.135 on port 443 using SNI name 94.138.199.135

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: Plesk
Issuer: Plesk

Not valid before: Dec 14 12:15:58 2017 GMT
Not valid after: Dec 14 12:15:58 2018 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-05 22:36 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 22:36
Completed NSE at 22:36, 0.00s elapsed
Initiating NSE at 22:36
Completed NSE at 22:36, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 22:36
Completed Parallel DNS resolution of 1 host. at 22:36, 0.02s elapsed
Initiating SYN Stealth Scan at 22:36
Scanning ns1.ihsdnsx45.com (94.138.199.135) [65535 ports]
Discovered open port 143/tcp on 94.138.199.135
Discovered open port 21/tcp on 94.138.199.135
Discovered open port 80/tcp on 94.138.199.135
Discovered open port 53/tcp on 94.138.199.135
Discovered open port 443/tcp on 94.138.199.135
Discovered open port 110/tcp on 94.138.199.135
Discovered open port 587/tcp on 94.138.199.135
SYN Stealth Scan Timing: About 2.16% done; ETC: 23:00 (0:23:23 remaining)
SYN Stealth Scan Timing: About 6.82% done; ETC: 22:51 (0:13:54 remaining)
SYN Stealth Scan Timing: About 13.03% done; ETC: 22:48 (0:10:07 remaining)
SYN Stealth Scan Timing: About 19.79% done; ETC: 22:46 (0:08:10 remaining)
SYN Stealth Scan Timing: About 28.37% done; ETC: 22:45 (0:06:21 remaining)
SYN Stealth Scan Timing: About 37.95% done; ETC: 22:44 (0:04:56 remaining)
SYN Stealth Scan Timing: About 46.94% done; ETC: 22:44 (0:03:59 remaining)
SYN Stealth Scan Timing: About 55.03% done; ETC: 22:43 (0:03:17 remaining)
SYN Stealth Scan Timing: About 65.31% done; ETC: 22:43 (0:02:24 remaining)
SYN Stealth Scan Timing: About 73.67% done; ETC: 22:43 (0:01:48 remaining)
SYN Stealth Scan Timing: About 81.25% done; ETC: 22:43 (0:01:16 remaining)
SYN Stealth Scan Timing: About 87.41% done; ETC: 22:43 (0:00:53 remaining)
Completed SYN Stealth Scan at 22:43, 429.72s elapsed (65535 total ports)
Initiating Service scan at 22:43
Scanning 7 services on ns1.ihsdnsx45.com (94.138.199.135)
Completed Service scan at 22:44, 20.58s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against ns1.ihsdnsx45.com (94.138.199.135)
Retrying OS detection (try #2) against ns1.ihsdnsx45.com (94.138.199.135)
Initiating Traceroute at 22:44
Completed Traceroute at 22:44, 0.34s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 22:44
Completed Parallel DNS resolution of 2 hosts. at 22:44, 0.01s elapsed
NSE: Script scanning 94.138.199.135.
Initiating NSE at 22:44
Completed NSE at 22:45, 40.94s elapsed
Initiating NSE at 22:45
Completed NSE at 22:45, 3.57s elapsed
Nmap scan report for ns1.ihsdnsx45.com (94.138.199.135)
Host is up (0.34s latency).
Not shown: 65524 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
7885| vulscan: VulDB - https://vuldb.com:
7886| [138380] ProFTPD 1.3.5b mod_copy Code Execution
7887| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
7888| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
7889| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
7890| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
7891| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
7892| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
7893| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
7894| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
7895| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
7896| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
7897| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
7898| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
7899| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
7900| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
7901| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
7902| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
7903| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
7904| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
7905| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
7906| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
7907| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
7908|
7909| MITRE CVE - https://cve.mitre.org:
7910| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
7911| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
7912| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
7913| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
7914| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
7915| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
7916| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
7917| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
7918| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
7919| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
7920| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
7921| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
7922| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
7923| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
7924| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
7925| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
7926| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
7927| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
7928| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
7929| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
7930| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
7931| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
7932| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
7933| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
7934| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
7935| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
7936| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
7937| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
7938| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
7939| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
7940| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
7941| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
7942| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
7943| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
7944| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
7945| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
7946| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
7947| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
7948| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
7949|
7950| SecurityFocus - https://www.securityfocus.com/bid/:
7951| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
7952| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
7953| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
7954| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
7955| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
7956| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
7957| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
7958| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
7959| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
7960| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
7961| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
7962| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
7963| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
7964| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
7965| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
7966| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
7967| [44562] ProFTPD Multiple Remote Vulnerabilities
7968| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
7969| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
7970| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
7971| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
7972| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
7973| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
7974| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
7975| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
7976| [14381] ProFTPD Shutdown Message Format String Vulnerability
7977| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
7978| [12588] GProFTPD GProstats Remote Format String Vulnerability
7979| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
7980| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
7981| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
7982| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
7983| [7974] ProFTPD SQL Injection mod_sql Vulnerability
7984| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
7985| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
7986| [3310] ProFTPD Client Hostname Resolving Vulnerability
7987| [2366] ProFTPD USER Remote Denial of Service Vulnerability
7988| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
7989| [812] ProFTPD mod_sqlpw Vulnerability
7990| [650] ProFTPD snprintf Vulnerability
7991| [612] ProFTPD Remote Buffer Overflow
7992|
7993| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7994| [80980] ProFTPD FTP commands symlink
7995| [71226] ProFTPD pool code execution
7996| [65207] ProFTPD mod_sftp module denial of service
7997| [64495] ProFTPD sql_prepare_where() buffer overflow
7998| [63658] ProFTPD FTP server backdoor
7999| [63407] mod_sql module for ProFTPD buffer overflow
8000| [63155] ProFTPD pr_data_xfer denial of service
8001| [62909] ProFTPD mod_site_misc directory traversal
8002| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
8003| [53936] ProFTPD mod_tls SSL certificate security bypass
8004| [48951] ProFTPD mod_sql username percent SQL injection
8005| [48558] ProFTPD NLS support SQL injection protection bypass
8006| [45274] ProFTPD URL cross-site request forgery
8007| [33733] ProFTPD Auth API security bypass
8008| [31461] ProFTPD mod_radius buffer overflow
8009| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
8010| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
8011| [30147] ProFTPD sreplace() buffer overflow
8012| [21530] ProFTPD mod_sql format string attack
8013| [21528] ProFTPD shutdown message format string attack
8014| [19410] GProFTPD file name format string attack
8015| [18453] ProFTPD SITE CHGRP command allows group ownership modification
8016| [17724] ProFTPD could allow an attacker to obtain valid accounts
8017| [16038] ProFTPD CIDR entry ACL bypass
8018| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
8019| [12369] ProFTPD mod_sql SQL injection
8020| [12200] ProFTPD ASCII file newline buffer overflow
8021| [10932] ProFTPD long PASS command buffer overflow
8022| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
8023| [7818] ProFTPD ls "
8024| [7816] ProFTPD file globbing denial of service
8025| [7126] ProFTPD fails to resolve hostnames
8026| [6433] ProFTPD format string
8027| [6209] proFTPD /var symlink
8028| [6208] ProFTPD contains configuration error in postinst script when running as root
8029| [5801] proftpd memory leak when using SIZE or USER commands
8030| [5737] ProFTPD system using mod_sqlpw unauthorized access
8031|
8032| Exploit-DB - https://www.exploit-db.com:
8033| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
8034| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
8035| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
8036| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
8037| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
8038| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
8039| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
8040| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
8041| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
8042| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
8043| [16921] ProFTPD-1.3.3c Backdoor Command Execution
8044| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
8045| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
8046| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
8047| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
8048| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
8049| [15449] ProFTPD IAC Remote Root Exploit
8050| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
8051| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
8052| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
8053| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
8054| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
8055| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
8056| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
8057| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
8058| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
8059| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
8060| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
8061| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
8062| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
8063| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
8064| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
8065| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
8066|
8067| OpenVAS (Nessus) - http://www.openvas.org:
8068| [900815] ProFTPD Server Remote Version Detection
8069| [900507] ProFTPD Server SQL Injection Vulnerability
8070| [900506] ProFTPD Server Version Detection
8071| [900133] ProFTPD Long Command Handling Security Vulnerability
8072| [863897] Fedora Update for proftpd FEDORA-2011-15765
8073| [863633] Fedora Update for proftpd FEDORA-2011-15741
8074| [863630] Fedora Update for proftpd FEDORA-2011-15740
8075| [862999] Fedora Update for proftpd FEDORA-2011-5040
8076| [862992] Fedora Update for proftpd FEDORA-2011-5033
8077| [862829] Fedora Update for proftpd FEDORA-2011-0613
8078| [862828] Fedora Update for proftpd FEDORA-2011-0610
8079| [862658] Fedora Update for proftpd FEDORA-2010-17091
8080| [862546] Fedora Update for proftpd FEDORA-2010-17220
8081| [862544] Fedora Update for proftpd FEDORA-2010-17098
8082| [861120] Fedora Update for proftpd FEDORA-2007-2613
8083| [831503] Mandriva Update for proftpd MDVSA-2011:181 (proftpd)
8084| [831323] Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
8085| [831242] Mandriva Update for proftpd MDVSA-2010:227 (proftpd)
8086| [830311] Mandriva Update for proftpd MDKSA-2007:130 (proftpd)
8087| [830197] Mandriva Update for proftpd MDKA-2007:089 (proftpd)
8088| [801640] ProFTPD Denial of Service Vulnerability
8089| [801639] ProFTPD Multiple Remote Vulnerabilities
8090| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
8091| [100933] ProFTPD Backdoor Unauthorized Access Vulnerability
8092| [100316] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
8093| [71967] Slackware Advisory SSA:2012-041-04 proftpd
8094| [70586] FreeBSD Ports: proftpd, proftpd-mysql
8095| [70560] Debian Security Advisory DSA 2346-2 (proftpd-dfsg)
8096| [70559] Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
8097| [69584] Slackware Advisory SSA:2011-095-01 proftpd
8098| [69327] Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
8099| [69322] Debian Security Advisory DSA 2185-1 (proftpd-dfsg)
8100| [68801] Slackware Advisory SSA:2010-357-02 proftpd
8101| [68702] FreeBSD Ports: proftpd
8102| [68697] FreeBSD Ports: proftpd
8103| [68466] Slackware Advisory SSA:2010-305-03 proftpd
8104| [66585] Fedora Core 11 FEDORA-2009-13236 (proftpd)
8105| [66583] Fedora Core 12 FEDORA-2009-13250 (proftpd)
8106| [66291] Fedora Core 10 FEDORA-2009-11666 (proftpd)
8107| [66290] Fedora Core 11 FEDORA-2009-11649 (proftpd)
8108| [66205] Debian Security Advisory DSA 1925-1 (proftpd-dfsg)
8109| [66091] Mandrake Security Advisory MDVSA-2009:288 (proftpd)
8110| [64966] Fedora Core 10 FEDORA-2009-9386 (proftpd)
8111| [63630] FreeBSD Ports: proftpd, proftpd-mysql
8112| [63573] Debian Security Advisory DSA 1727-1 (proftpd-dfsg)
8113| [63558] Gentoo Security Advisory GLSA 200903-27 (proftpd)
8114| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
8115| [63128] Fedora Core 8 FEDORA-2009-0195 (proftpd)
8116| [63119] Fedora Core 10 FEDORA-2009-0089 (proftpd)
8117| [63117] Fedora Core 9 FEDORA-2009-0064 (proftpd)
8118| [63061] Debian Security Advisory DSA 1689-1 (proftpd-dfsg)
8119| [61656] FreeBSD Ports: proftpd, proftpd-mysql
8120| [58019] Gentoo Security Advisory GLSA 200702-02 (proftpd)
8121| [57939] Gentoo Security Advisory GLSA 200611-26 (proftpd)
8122| [57786] Debian Security Advisory DSA 1245-1 (proftpd)
8123| [57725] FreeBSD Ports: proftpd, proftpd-mysql
8124| [57703] Slackware Advisory SSA:2006-335-02 proftpd
8125| [57686] Debian Security Advisory DSA 1222-2 (proftpd)
8126| [57683] Debian Security Advisory DSA 1222-1 (proftpd)
8127| [57592] Debian Security Advisory DSA 1218-1 (proftpd)
8128| [57576] FreeBSD Ports: proftpd, proftpd-mysql
8129| [55234] Debian Security Advisory DSA 795-2 (proftpd)
8130| [55007] Gentoo Security Advisory GLSA 200508-02 (proftpd)
8131| [54858] Gentoo Security Advisory GLSA 200502-26 (GProFTPD)
8132| [54569] Gentoo Security Advisory GLSA 200405-09 (proftpd)
8133| [54483] FreeBSD Ports: proftpd, proftpd-mysql
8134| [53882] Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
8135| [53794] Debian Security Advisory DSA 032-1 (proftpd)
8136| [53791] Debian Security Advisory DSA 029-1 (proftpd)
8137| [52532] FreeBSD Ports: proftpd
8138| [52464] FreeBSD Ports: proftpd
8139| [15484] proftpd < 1.2.11 remote user enumeration
8140|
8141| SecurityTracker - https://www.securitytracker.com:
8142| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
8143| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
8144| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
8145| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
8146| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
8147| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
8148| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
8149| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
8150| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
8151| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
8152| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
8153| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
8154| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
8155| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
8156|
8157| OSVDB - http://www.osvdb.org:
8158| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
8159| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
8160| [70868] ProFTPD mod_sftp Component SSH Payload DoS
8161| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
8162| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
8163| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
8164| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
8165| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
8166| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
8167| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
8168| [57310] ProFTPD Multiple Unspecified Overflows
8169| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
8170| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
8171| [57307] ProFTPD Multiple Modules Unspecified Overflows
8172| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
8173| [57305] ProFTPD src/main.c Unspecified Overflow
8174| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
8175| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
8176| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
8177| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
8178| [51849] ProFTPD Character Encoding SQL Injection
8179| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
8180| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
8181| [48411] ProFTPD FTP Command Truncation CSRF
8182| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
8183| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
8184| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
8185| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
8186| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
8187| [23063] ProFTPD mod_radius Password Overflow DoS
8188| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
8189| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
8190| [18270] ProFTPD ftpshut Shutdown Message Format String
8191| [14012] GProftpd gprostats Utility Log Parser Remote Format String
8192| [10769] ProFTPD File Transfer Newline Character Overflow
8193| [10768] ProFTPD STAT Command Remote DoS
8194| [10758] ProFTPD Login Timing Account Name Enumeration
8195| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
8196| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
8197| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
8198| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
8199| [7165] ProFTPD USER Command Memory Leak DoS
8200| [5744] ProFTPD CIDR IP Subnet ACL Bypass
8201| [5705] ProFTPD Malformed cwd Command Format String
8202| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
8203| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
8204| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
8205|_
8206 25/tcp closed smtp
8207 53/tcp open domain (unknown banner: none)
8208| fingerprint-strings:
8209| DNSVersionBindReqTCP:
8210| version
8211| bind
8212|_ none
8213 80/tcp open http Apache httpd (PleskLin)
8214|_http-server-header: Apache
8215| vulscan: VulDB - https://vuldb.com:
8216| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
8217| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
8218| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
8219| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
8220| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8221| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
8222| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
8223| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
8224| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
8225| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8226| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8227| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8228| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
8229| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8230| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
8231| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
8232| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
8233| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
8234| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
8235| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
8236| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
8237| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
8238| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
8239| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
8240| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
8241| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
8242| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
8243| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
8244| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
8245| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
8246| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
8247| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
8248| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8249| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8250| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
8251| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8252| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
8253| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
8254| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
8255| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
8256| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8257| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8258| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
8259| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
8260| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
8261| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8262| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8263| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
8264| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
8265| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8266| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8267| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
8268| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
8269| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
8270| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
8271| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
8272| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
8273| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
8274| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
8275| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
8276| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
8277| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8278| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8279| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
8280| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
8281| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8282| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
8283| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
8284| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
8285| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
8286| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
8287| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
8288| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
8289| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
8290| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
8291| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
8292| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
8293| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
8294| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
8295| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
8296| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
8297| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
8298| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
8299| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
8300| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
8301| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
8302| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
8303| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
8304| [136370] Apache Fineract up to 1.2.x sql injection
8305| [136369] Apache Fineract up to 1.2.x sql injection
8306| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
8307| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
8308| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
8309| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
8310| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
8311| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
8312| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
8313| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
8314| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
8315| [134416] Apache Sanselan 0.97-incubator Loop denial of service
8316| [134415] Apache Sanselan 0.97-incubator Hang denial of service
8317| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
8318| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
8319| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8320| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8321| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
8322| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
8323| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
8324| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
8325| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
8326| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
8327| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
8328| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
8329| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
8330| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
8331| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
8332| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
8333| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
8334| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
8335| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
8336| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
8337| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
8338| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
8339| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
8340| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
8341| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
8342| [131859] Apache Hadoop up to 2.9.1 privilege escalation
8343| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
8344| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
8345| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
8346| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
8347| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
8348| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
8349| [130629] Apache Guacamole Cookie Flag weak encryption
8350| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
8351| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
8352| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
8353| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
8354| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
8355| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
8356| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
8357| [130123] Apache Airflow up to 1.8.2 information disclosure
8358| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
8359| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
8360| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
8361| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
8362| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8363| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8364| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8365| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
8366| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
8367| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
8368| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
8369| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
8370| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8371| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
8372| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
8373| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
8374| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
8375| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
8376| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8377| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
8378| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8379| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
8380| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
8381| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
8382| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
8383| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
8384| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
8385| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
8386| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
8387| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
8388| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
8389| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
8390| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
8391| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
8392| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
8393| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
8394| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
8395| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
8396| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
8397| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
8398| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
8399| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
8400| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
8401| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
8402| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
8403| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
8404| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
8405| [127007] Apache Spark Request Code Execution
8406| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
8407| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
8408| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
8409| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
8410| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
8411| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
8412| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
8413| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
8414| [126346] Apache Tomcat Path privilege escalation
8415| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
8416| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
8417| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
8418| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
8419| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
8420| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
8421| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
8422| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
8423| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
8424| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
8425| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
8426| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8427| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8428| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8429| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8430| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8431| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8432| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8433| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
8434| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
8435| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
8436| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
8437| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
8438| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
8439| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
8440| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
8441| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
8442| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
8443| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
8444| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
8445| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
8446| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
8447| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
8448| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
8449| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
8450| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
8451| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
8452| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
8453| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
8454| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
8455| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
8456| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
8457| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
8458| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
8459| [123197] Apache Sentry up to 2.0.0 privilege escalation
8460| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
8461| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
8462| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
8463| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
8464| [122800] Apache Spark 1.3.0 REST API weak authentication
8465| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
8466| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
8467| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
8468| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
8469| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
8470| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
8471| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
8472| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
8473| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
8474| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
8475| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
8476| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
8477| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
8478| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
8479| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
8480| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
8481| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
8482| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
8483| [121354] Apache CouchDB HTTP API Code Execution
8484| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
8485| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
8486| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
8487| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
8488| [120168] Apache CXF weak authentication
8489| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
8490| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
8491| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
8492| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
8493| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
8494| [119306] Apache MXNet Network Interface privilege escalation
8495| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
8496| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
8497| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
8498| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
8499| [118143] Apache NiFi activemq-client Library Deserialization denial of service
8500| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
8501| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
8502| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
8503| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
8504| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
8505| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
8506| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
8507| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
8508| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
8509| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
8510| [117115] Apache Tika up to 1.17 tika-server command injection
8511| [116929] Apache Fineract getReportType Parameter privilege escalation
8512| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
8513| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
8514| [116926] Apache Fineract REST Parameter privilege escalation
8515| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
8516| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
8517| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
8518| [115883] Apache Hive up to 2.3.2 privilege escalation
8519| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
8520| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
8521| [115518] Apache Ignite 2.3 Deserialization privilege escalation
8522| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
8523| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
8524| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
8525| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
8526| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
8527| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
8528| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
8529| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
8530| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
8531| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
8532| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
8533| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
8534| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
8535| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
8536| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
8537| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
8538| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
8539| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
8540| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
8541| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
8542| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
8543| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
8544| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
8545| [113895] Apache Geode up to 1.3.x Code Execution
8546| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
8547| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
8548| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
8549| [113747] Apache Tomcat Servlets privilege escalation
8550| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
8551| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
8552| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
8553| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
8554| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
8555| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8556| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
8557| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8558| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
8559| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
8560| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
8561| [112885] Apache Allura up to 1.8.0 File information disclosure
8562| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
8563| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
8564| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
8565| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
8566| [112625] Apache POI up to 3.16 Loop denial of service
8567| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
8568| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
8569| [112339] Apache NiFi 1.5.0 Header privilege escalation
8570| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
8571| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
8572| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
8573| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
8574| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
8575| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
8576| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
8577| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
8578| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
8579| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
8580| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
8581| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
8582| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
8583| [112114] Oracle 9.1 Apache Log4j privilege escalation
8584| [112113] Oracle 9.1 Apache Log4j privilege escalation
8585| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
8586| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
8587| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
8588| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8589| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8590| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8591| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8592| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8593| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8594| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8595| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8596| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8597| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8598| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8599| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8600| [110701] Apache Fineract Query Parameter sql injection
8601| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
8602| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
8603| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
8604| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
8605| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
8606| [110106] Apache CXF Fediz Spring cross site request forgery
8607| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
8608| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
8609| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
8610| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
8611| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
8612| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
8613| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
8614| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
8615| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
8616| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
8617| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
8618| [108938] Apple macOS up to 10.13.1 apache denial of service
8619| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
8620| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
8621| [108935] Apple macOS up to 10.13.1 apache denial of service
8622| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
8623| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
8624| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
8625| [108931] Apple macOS up to 10.13.1 apache denial of service
8626| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
8627| [108929] Apple macOS up to 10.13.1 apache denial of service
8628| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
8629| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
8630| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
8631| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
8632| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
8633| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
8634| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
8635| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
8636| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
8637| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
8638| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
8639| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
8640| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
8641| [108782] Apache Xerces2 XML Service denial of service
8642| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
8643| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
8644| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
8645| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
8646| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
8647| [108629] Apache OFBiz up to 10.04.01 privilege escalation
8648| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
8649| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
8650| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
8651| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
8652| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
8653| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
8654| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
8655| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
8656| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
8657| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
8658| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
8659| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
8660| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
8661| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
8662| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
8663| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
8664| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
8665| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8666| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
8667| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
8668| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
8669| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
8670| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
8671| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
8672| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
8673| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
8674| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
8675| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
8676| [107639] Apache NiFi 1.4.0 XML External Entity
8677| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
8678| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
8679| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
8680| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
8681| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
8682| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
8683| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
8684| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
8685| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
8686| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
8687| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
8688| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8689| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8690| [107197] Apache Xerces Jelly Parser XML File XML External Entity
8691| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
8692| [107084] Apache Struts up to 2.3.19 cross site scripting
8693| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
8694| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
8695| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
8696| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
8697| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
8698| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
8699| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
8700| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
8701| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
8702| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
8703| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
8704| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
8705| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8706| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8707| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
8708| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
8709| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
8710| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
8711| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
8712| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
8713| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
8714| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
8715| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
8716| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
8717| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
8718| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
8719| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
8720| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
8721| [105878] Apache Struts up to 2.3.24.0 privilege escalation
8722| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
8723| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
8724| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
8725| [105643] Apache Pony Mail up to 0.8b weak authentication
8726| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
8727| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
8728| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
8729| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
8730| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
8731| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
8732| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
8733| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
8734| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
8735| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
8736| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
8737| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
8738| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
8739| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
8740| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
8741| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
8742| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
8743| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
8744| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
8745| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
8746| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
8747| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
8748| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
8749| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
8750| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
8751| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
8752| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
8753| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
8754| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
8755| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
8756| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
8757| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
8758| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
8759| [103690] Apache OpenMeetings 1.0.0 sql injection
8760| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
8761| [103688] Apache OpenMeetings 1.0.0 weak encryption
8762| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
8763| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
8764| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
8765| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
8766| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
8767| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
8768| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
8769| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
8770| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
8771| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
8772| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
8773| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
8774| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
8775| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
8776| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
8777| [103352] Apache Solr Node weak authentication
8778| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
8779| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
8780| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
8781| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
8782| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
8783| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
8784| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
8785| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
8786| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
8787| [102536] Apache Ranger up to 0.6 Stored cross site scripting
8788| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
8789| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
8790| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
8791| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
8792| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
8793| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
8794| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
8795| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
8796| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
8797| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
8798| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
8799| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
8800| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
8801| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
8802| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
8803| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
8804| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
8805| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
8806| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
8807| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
8808| [99937] Apache Batik up to 1.8 privilege escalation
8809| [99936] Apache FOP up to 2.1 privilege escalation
8810| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
8811| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
8812| [99930] Apache Traffic Server up to 6.2.0 denial of service
8813| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
8814| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
8815| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
8816| [117569] Apache Hadoop up to 2.7.3 privilege escalation
8817| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
8818| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
8819| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
8820| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
8821| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
8822| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
8823| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
8824| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
8825| [99014] Apache Camel Jackson/JacksonXML privilege escalation
8826| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
8827| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
8828| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
8829| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
8830| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
8831| [98605] Apple macOS up to 10.12.3 Apache denial of service
8832| [98604] Apple macOS up to 10.12.3 Apache denial of service
8833| [98603] Apple macOS up to 10.12.3 Apache denial of service
8834| [98602] Apple macOS up to 10.12.3 Apache denial of service
8835| [98601] Apple macOS up to 10.12.3 Apache denial of service
8836| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
8837| [98405] Apache Hadoop up to 0.23.10 privilege escalation
8838| [98199] Apache Camel Validation XML External Entity
8839| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
8840| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
8841| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
9274| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
9275| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
9276| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
9277| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9278| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9279| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
9280| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
9281| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
9282| [64006] Apache ActiveMQ up to 5.7.0 denial of service
9283| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
9284| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
9285| [8427] Apache Tomcat Session Transaction weak authentication
9286| [63960] Apache Maven 3.0.4 Default Configuration spoofing
9287| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
9288| [63750] Apache qpid up to 0.20 checkAvailable denial of service
9289| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
9290| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
9291| [63747] Apache Rave up to 0.20 User Account information disclosure
9292| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
9293| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
9294| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
9295| [7687] Apache CXF up to 2.7.2 Token weak authentication
9296| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9297| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9298| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
9299| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
9300| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
9301| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
9302| [63090] Apache Tomcat up to 4.1.24 denial of service
9303| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
9304| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
9305| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
9306| [62833] Apache CXF -/2.6.0 spoofing
9307| [62832] Apache Axis2 up to 1.6.2 spoofing
9308| [62831] Apache Axis up to 1.4 Java Message Service spoofing
9309| [62830] Apache Commons-httpclient 3.0 Payments spoofing
9310| [62826] Apache Libcloud up to 0.11.0 spoofing
9311| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
9312| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
9313| [62661] Apache Axis2 unknown vulnerability
9314| [62658] Apache Axis2 unknown vulnerability
9315| [62467] Apache Qpid up to 0.17 denial of service
9316| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
9317| [6301] Apache HTTP Server mod_pagespeed cross site scripting
9318| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
9319| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
9320| [62035] Apache Struts up to 2.3.4 denial of service
9321| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
9322| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
9323| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
9324| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
9325| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
9326| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
9327| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
9328| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
9329| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
9330| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
9331| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
9332| [61229] Apache Sling up to 2.1.1 denial of service
9333| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
9334| [61094] Apache Roller up to 5.0 cross site scripting
9335| [61093] Apache Roller up to 5.0 cross site request forgery
9336| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
9337| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
9338| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
9339| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
9340| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
9341| [60708] Apache Qpid 0.12 unknown vulnerability
9342| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
9343| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
9344| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
9345| [4882] Apache Wicket up to 1.5.4 directory traversal
9346| [4881] Apache Wicket up to 1.4.19 cross site scripting
9347| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
9348| [60352] Apache Struts up to 2.2.3 memory corruption
9349| [60153] Apache Portable Runtime up to 1.4.3 denial of service
9350| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
9351| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
9352| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
9353| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
9354| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
9355| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
9356| [4571] Apache Struts up to 2.3.1.2 privilege escalation
9357| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
9358| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
9359| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
9360| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
9361| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
9362| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
9363| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9364| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
9365| [59888] Apache Tomcat up to 6.0.6 denial of service
9366| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
9367| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
9368| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
9369| [59850] Apache Geronimo up to 2.2.1 denial of service
9370| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
9371| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
9372| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
9373| [58413] Apache Tomcat up to 6.0.10 spoofing
9374| [58381] Apache Wicket up to 1.4.17 cross site scripting
9375| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
9376| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
9377| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
9378| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
9379| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9380| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
9381| [57568] Apache Archiva up to 1.3.4 cross site scripting
9382| [57567] Apache Archiva up to 1.3.4 cross site request forgery
9383| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
9384| [4355] Apache HTTP Server APR apr_fnmatch denial of service
9385| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
9386| [57425] Apache Struts up to 2.2.1.1 cross site scripting
9387| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
9388| [57025] Apache Tomcat up to 7.0.11 information disclosure
9389| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
9390| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
9391| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9392| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
9393| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
9394| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
9395| [56512] Apache Continuum up to 1.4.0 cross site scripting
9396| [4285] Apache Tomcat 5.x JVM getLocale denial of service
9397| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
9398| [4283] Apache Tomcat 5.x ServletContect privilege escalation
9399| [56441] Apache Tomcat up to 7.0.6 denial of service
9400| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
9401| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
9402| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9403| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9404| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9405| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9406| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9407| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9408| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9409| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9410| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9411| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9412| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9413| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9414| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9415| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9416| [54012] Apache Tomcat up to 6.0.10 denial of service
9417| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9418| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9419| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9420| [52894] Apache Tomcat up to 6.0.7 information disclosure
9421| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9422| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9423| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9424| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9425| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9426| [52584] Apache CouchDB up to 0.10.1 information disclosure
9427| [51757] Apache HTTP Server 2.0.44 cross site scripting
9428| [51756] Apache HTTP Server 2.0.44 spoofing
9429| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9430| [51690] Apache Tomcat up to 6.0 directory traversal
9431| [51689] Apache Tomcat up to 6.0 information disclosure
9432| [51688] Apache Tomcat up to 6.0 directory traversal
9433| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
9434| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
9435| [50626] Apache Solr 1.0.0 cross site scripting
9436| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
9437| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
9438| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
9439| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
9440| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
9441| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
9442| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
9443| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
9444| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
9445| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
9446| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
9447| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
9448| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
9449| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
9450| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
9451| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9452| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9453| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9454| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9455| [47214] Apachefriends xampp 1.6.8 spoofing
9456| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9457| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9458| [47065] Apache Tomcat 4.1.23 cross site scripting
9459| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9460| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9461| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9462| [86625] Apache Struts directory traversal
9463| [44461] Apache Tomcat up to 5.5.0 information disclosure
9464| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9465| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9466| [43663] Apache Tomcat up to 6.0.16 directory traversal
9467| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9468| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9469| [43516] Apache Tomcat up to 4.1.20 directory traversal
9470| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9471| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9472| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9473| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9474| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9475| [40924] Apache Tomcat up to 6.0.15 information disclosure
9476| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9477| [40922] Apache Tomcat up to 6.0 information disclosure
9478| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9479| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9480| [40656] Apache Tomcat 5.5.20 information disclosure
9481| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9482| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9483| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9484| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9485| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9486| [40234] Apache Tomcat up to 6.0.15 directory traversal
9487| [40221] Apache HTTP Server 2.2.6 information disclosure
9488| [40027] David Castro Apache Authcas 0.4 sql injection
9489| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
9490| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9491| [3414] Apache Tomcat WebDAV Stored privilege escalation
9492| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9493| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9494| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9495| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9496| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9497| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9498| [38524] Apache Geronimo 2.0 unknown vulnerability
9499| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9500| [38331] Apache Tomcat 4.1.24 information disclosure
9501| [38330] Apache Tomcat 4.1.24 information disclosure
9502| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9503| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9504| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9505| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9506| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9507| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9508| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9509| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9510| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9511| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9512| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9513| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9514| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9515| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9516| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9517| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9518| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9519| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9520| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9521| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9522| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9523| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9524| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9525| [34252] Apache HTTP Server denial of service
9526| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9527| [33877] Apache Opentaps 0.9.3 cross site scripting
9528| [33876] Apache Open For Business Project unknown vulnerability
9529| [33875] Apache Open For Business Project cross site scripting
9530| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9531| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9532|
9533| MITRE CVE - https://cve.mitre.org:
9534| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9535| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9536| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9537| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9538| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9539| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9540| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9541| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9542| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9543| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9544| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9545| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9546| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9547| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9548| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9549| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9550| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9551| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9552| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9553| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9554| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9555| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9556| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9557| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9558| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9559| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9560| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9561| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9562| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9673| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9674| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9675| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9676| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9677| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9678| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9679| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9680| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9681| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9682| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9683| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9684| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9685| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9686| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9687| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9688| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9689| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9690| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9691| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9692| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9693| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9694| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9695| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9696| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9697| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9698| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9699| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9700| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9701| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9702| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9703| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9704| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9705| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
9706| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
9707| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
9708| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
9709| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
9710| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
9711| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
9712| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
9713| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9714| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
9715| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
9716| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
9717| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
9718| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
9719| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
9720| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
9721| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
9722| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
9723| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
9724| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
9725| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
9726| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
9727| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
9728| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
9729| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
9730| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
9731| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
9732| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
9733| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
9734| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
9735| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
9736| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
9737| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
9738| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
9739| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
9740| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
9741| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
9742| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
9743| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
9744| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
9745| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
9746| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
9747| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
9748| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
9749| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
9750| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
9751| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
9752| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
9753| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
9754| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9755| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
9756| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
9757| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
9758| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
9759| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
9760| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
9761| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
9762| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
9763| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
9764| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
9765| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
9766| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
9767| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
9768| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
9769| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
9770| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
9771| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
9772| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
9773| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
9774| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
9775| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
9776| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
9777| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
9778| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
9779| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
9780| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
9781| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
9782| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
9783| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
9784| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
9785| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
9786| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
9787| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
9788| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
9789| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
9790| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
9791| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
9792| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
9793| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
9794| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
9795| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
9796| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
9797| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
9798| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
9799| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
9800| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
9801| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
9802| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
9803| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9804| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
9805| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
9806| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
9807| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
9808| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
9809| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
9810| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
9811| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
9812| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
9813| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
9814| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
9815| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
9816| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
9817| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
9818| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
9819| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
9820| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
9821| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
9822| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
9823| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
9824| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
9825| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
9826| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
9827| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9828| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9829| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
9830| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
9831| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
9832| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
9833| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
9834| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
9835| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
9836| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
9837| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9838| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9839| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9840| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9841| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9842| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9843| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9844| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9845| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9846| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9847| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9848| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9849| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9850| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9851| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9852| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9853| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9854| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9855| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9856| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9857| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9858| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9859| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9860| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9861| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9862| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9863| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9864| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9865| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9866| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9867| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9868| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9869| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9870| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9871| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9872| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9873| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9874| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9875| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9876| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9877| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9878| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9879| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9880| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9881| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9882| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9883| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9884| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9885| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9886| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9887| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9888| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9889| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9890| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9891| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9892| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9893| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9894| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9895| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9896| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9897| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9898| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9899| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9900| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9901| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9902| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9903| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9904| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9905| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9906| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9907| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9908| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9909| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9910| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9911| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9912| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9913| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9914| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9915| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9916| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9917| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9918| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9919| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9920| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9921| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9922| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9923| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9924| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9925| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9926| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9927| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9928| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9929| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9930| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9931| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9932| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9933| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9934| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9935| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9936| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9937| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9938| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9939| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9940| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9941| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9942| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9943| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9944| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9945| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10072| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10073| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10074| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10075| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10076| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10077| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10078| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10079| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10080| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10081| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10082| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10083| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10084| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10085| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10086| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10087| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10088| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10089| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10090| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10091| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10092| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10093| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10094| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10095| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10096| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10097| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10098| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10099| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10100| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10101| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10102| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10103| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10104| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10105| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10106| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10107| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10108| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10109| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10110| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10111| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10112| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10113| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10114| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10115| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10116| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10117| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10118| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
10119| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10120| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10121| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10122| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10123| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10124| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10125| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10126| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10127| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10128| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10129| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10130| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10131| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10132| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10133| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10134| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10135| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10136| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10137| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10138| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10139| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10140| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10141| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10142| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10143|
10144| SecurityFocus - https://www.securityfocus.com/bid/:
10145| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10146| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10147| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10148| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10149| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10150| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10151| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10152| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10153| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10154| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10155| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10156| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10157| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10158| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10159| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10160| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10161| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10162| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10163| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10164| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10165| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10166| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10167| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10168| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10169| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10170| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10171| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10172| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10173| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10174| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10175| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10176| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10177| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10178| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10179| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10180| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10181| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10182| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10183| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10184| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10185| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10186| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10187| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10188| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10189| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10190| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10191| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10192| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10193| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10194| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10195| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10196| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10197| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10198| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10199| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10200| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10201| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10202| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10203| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10204| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10205| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10206| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10207| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10208| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10209| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
10210| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
10211| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
10212| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
10213| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
10214| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
10215| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
10216| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
10217| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
10218| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
10219| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
10220| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
10221| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
10222| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
10223| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
10224| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
10225| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
10226| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
10227| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
10228| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
10229| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
10230| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
10231| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
10232| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
10233| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
10234| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
10235| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
10236| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
10237| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
10238| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
10239| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
10240| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
10241| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
10242| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
10243| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
10244| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
10245| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
10246| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
10247| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
10248| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
10249| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
10250| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
10251| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
10252| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
10253| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
10254| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
10255| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
10256| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
10257| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
10258| [100447] Apache2Triad Multiple Security Vulnerabilities
10259| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
10260| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
10261| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
10262| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
10263| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
10264| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
10265| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
10266| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
10267| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
10268| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
10269| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
10270| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
10271| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
10272| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
10273| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
10274| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
10275| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
10276| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
10277| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
10278| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
10279| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
10280| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
10281| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
10282| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
10283| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
10284| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
10285| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
10286| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
10287| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
10288| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
10289| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
10290| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
10291| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
10292| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
10293| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
10294| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
10295| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
10296| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
10297| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
10298| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
10299| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
10300| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
10301| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
10302| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
10303| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
10304| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
10305| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
10306| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
10307| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
10308| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
10309| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
10310| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
10311| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
10312| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
10313| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
10314| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
10315| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
10316| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
10317| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
10318| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
10319| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
10320| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
10321| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
10322| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
10323| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
10324| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
10325| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
10326| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
10327| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
10328| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
10329| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
10330| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
10331| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
10332| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
10333| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
10334| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
10335| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
10336| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
10337| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10338| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10339| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10340| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10341| [95675] Apache Struts Remote Code Execution Vulnerability
10342| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10343| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10344| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10345| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10346| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10347| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10348| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10349| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10350| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10351| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10352| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10353| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10354| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10355| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10356| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10357| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10358| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10359| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10360| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10361| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10362| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10363| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10364| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10365| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10366| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10367| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10368| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10369| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10370| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10371| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10372| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10373| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10374| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10375| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10376| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10377| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10378| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10379| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10380| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10381| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10382| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10383| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10384| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10385| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10386| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10387| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10388| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10389| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10390| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10391| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10392| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10393| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10394| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10395| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10396| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10397| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10398| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10399| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10400| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10401| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10402| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10403| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10404| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10405| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10406| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10407| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10408| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10409| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10410| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10411| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10412| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10413| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10414| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10415| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10416| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10417| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10418| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10419| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10420| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10421| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10422| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10423| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10424| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10425| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10426| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10427| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10428| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10429| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10430| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10431| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10432| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10433| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10434| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10435| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10436| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10437| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10438| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10439| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10440| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10441| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10442| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10443| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10444| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10445| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10446| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10447| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10448| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
10449| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10450| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10451| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10452| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10453| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10454| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10455| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10456| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10457| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10458| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10459| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10460| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
10461| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10462| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10463| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10464| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
10465| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
10466| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
10467| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
10468| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
10469| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
10470| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
10471| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
10472| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
10473| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
10474| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
10475| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
10476| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
10477| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
10478| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
10479| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
10480| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
10481| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
10482| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
10483| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
10484| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
10485| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
10486| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
10487| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
10488| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
10489| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
10490| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
10491| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
10492| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
10493| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
10494| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
10495| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
10496| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
10497| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
10498| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
10499| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
10500| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
10501| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
10502| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
10503| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
10504| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
10505| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
10506| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
10507| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
10508| [76933] Apache James Server Unspecified Command Execution Vulnerability
10509| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
10510| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
10511| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
10512| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
10513| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
10514| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
10515| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
10516| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
10517| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
10518| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
10519| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
10520| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
10521| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
10522| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
10523| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
10524| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
10525| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
10526| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
10527| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
10528| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
10529| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
10530| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
10531| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
10532| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
10533| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
10534| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
10535| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
10536| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
10537| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
10538| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
10539| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
10540| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
10541| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
10542| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
10543| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
10544| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
10545| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
10546| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
10547| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
10548| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
10549| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
10550| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
10551| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
10552| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
10553| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
10554| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
10555| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
10556| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
10557| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
10558| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
10559| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
10560| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
10561| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
10562| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
10563| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
10564| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
10565| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
10566| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
10567| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
10568| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
10569| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
10570| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
10571| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
10572| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
10573| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
10574| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
10575| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
10576| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
10577| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
10578| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
10579| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
10580| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
10581| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
10582| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
10583| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
10584| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
10585| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
10586| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
10587| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
10588| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
10589| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
10590| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
10591| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
10592| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
10593| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
10594| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
10595| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
10596| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
10597| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
10598| [68229] Apache Harmony PRNG Entropy Weakness
10599| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
10600| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
10601| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
10602| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
10603| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
10604| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
10605| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
10606| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
10607| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
10608| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10609| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10610| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10611| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10612| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10613| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10614| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
10615| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
10616| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
10617| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
10618| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
10619| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
10620| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
10621| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
10622| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
10623| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
10624| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
10625| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
10626| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
10627| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
10628| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
10629| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
10630| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
10631| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
10632| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
10633| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
10634| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
10635| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
10636| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
10637| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
10638| [64780] Apache CloudStack Unauthorized Access Vulnerability
10639| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
10640| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
10641| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
10642| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
10643| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
10644| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
10645| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
10646| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
10647| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
10648| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
10649| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
10650| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10651| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
10652| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
10653| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
10654| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
10655| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
10656| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
10657| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
10658| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
10659| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
10660| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
10661| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
10662| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
10663| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
10664| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
10665| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
10666| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
10667| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
10668| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
10669| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
10670| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
10671| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
10672| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
10673| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
10674| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
10675| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
10676| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
10677| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
10678| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
10679| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
10680| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
10681| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
10682| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
10683| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
10684| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
10685| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
10686| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
10687| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
10688| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
10689| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
10690| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
10691| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
10692| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
10693| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
10694| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
10695| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
10696| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
10697| [59670] Apache VCL Multiple Input Validation Vulnerabilities
10698| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
10699| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
10700| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
10701| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
10702| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
10703| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
10704| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
10705| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
10706| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
10707| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
10708| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
10709| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
10710| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
10711| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
10712| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
10713| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
10714| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
10715| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
10716| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
10717| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
10718| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
10719| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
10720| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
10721| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
10722| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
10723| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
10724| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
10725| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
10726| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
10727| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
10728| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
10729| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
10730| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
10731| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
10732| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
10733| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
10734| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
10735| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
10736| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
10737| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
10738| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
10739| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
10740| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
10741| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
10742| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
10743| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
10744| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
10745| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
10746| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
10747| [54798] Apache Libcloud Man In The Middle Vulnerability
10748| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
10749| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
10750| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
10751| [54189] Apache Roller Cross Site Request Forgery Vulnerability
10752| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
10753| [53880] Apache CXF Child Policies Security Bypass Vulnerability
10754| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
10755| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
10756| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
10757| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
10758| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
10759| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
10760| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
10761| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
10762| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
10763| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
10764| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
10765| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
10766| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
10767| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
10768| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
10769| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
10770| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
10771| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
10772| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
10773| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
10774| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
10775| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
10776| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
10777| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
10778| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
10779| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
10780| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
10781| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
10782| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
10783| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
10784| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
10785| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
10786| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
10787| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
10788| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
10789| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10790| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
10791| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
10792| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10793| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
10794| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
10795| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
10796| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
10797| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
10798| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
10799| [49290] Apache Wicket Cross Site Scripting Vulnerability
10800| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
10801| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
10802| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
10803| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
10804| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
10805| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
10806| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
10807| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
10808| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
10809| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
10810| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
10811| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
10812| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
10813| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
10814| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
10815| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
10816| [46953] Apache MPM-ITK Module Security Weakness
10817| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
10818| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
10819| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
10820| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
10821| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
10822| [46166] Apache Tomcat JVM Denial of Service Vulnerability
10823| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
10824| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10825| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
10826| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
10827| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
10828| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
10829| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
10830| [44616] Apache Shiro Directory Traversal Vulnerability
10831| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
10832| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
10833| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
10834| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
10835| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
10836| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10837| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
10838| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
10839| [42492] Apache CXF XML DTD Processing Security Vulnerability
10840| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
10841| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10842| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10843| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
10844| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
10845| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10846| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
10847| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
10848| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
10849| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10850| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
10851| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
10852| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
10853| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
10854| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
10855| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
10856| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
10857| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
10858| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
10859| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
10860| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
10861| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
10862| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
10863| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
10864| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
10865| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
10866| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
10867| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
10868| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
10869| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
10870| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10871| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
10872| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
10873| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
10874| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
10875| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10876| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
10877| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
10878| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
10879| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
10880| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
10881| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10882| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10883| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
10884| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
10885| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
10886| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10887| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
10888| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
10889| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10890| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
10891| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
10892| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10893| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
10894| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
10895| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
10896| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
10897| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
10898| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10899| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
10900| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10901| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
10902| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
10903| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
10904| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
10905| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
10906| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
10907| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
10908| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
10909| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
10910| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10911| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
10912| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10913| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
10914| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
10915| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10916| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
10917| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
10918| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10919| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
10920| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
10921| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
10922| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
10923| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
10924| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
10925| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
10926| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
10927| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
10928| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
10929| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
10930| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
10931| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
10932| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
10933| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
10934| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10935| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
10936| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
10937| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
10938| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
10939| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
10940| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
10941| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10942| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10943| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10944| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10945| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10946| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10947| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10948| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10949| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10950| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10951| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
10952| [20527] Apache Mod_TCL Remote Format String Vulnerability
10953| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
10954| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
10955| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
10956| [19106] Apache Tomcat Information Disclosure Vulnerability
10957| [18138] Apache James SMTP Denial Of Service Vulnerability
10958| [17342] Apache Struts Multiple Remote Vulnerabilities
10959| [17095] Apache Log4Net Denial Of Service Vulnerability
10960| [16916] Apache mod_python FileSession Code Execution Vulnerability
10961| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
10962| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
10963| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
10964| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
10965| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
10966| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
10967| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
10968| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
10969| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
10970| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
10971| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
10972| [15177] PHP Apache 2 Local Denial of Service Vulnerability
10973| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
10974| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10975| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
10976| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
10977| [14106] Apache HTTP Request Smuggling Vulnerability
10978| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
10979| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
10980| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
10981| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
10982| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10983| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10984| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10985| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10986| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10987| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10988| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10989| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10990| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10991| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10992| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10993| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10994| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10995| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10996| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10997| [11094] Apache mod_ssl Denial Of Service Vulnerability
10998| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10999| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11000| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11001| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11002| [10478] ClueCentral Apache Suexec Patch Security Weakness
11003| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11004| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11005| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11006| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11007| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11008| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11009| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11010| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11011| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11012| [9733] Apache Cygwin Directory Traversal Vulnerability
11013| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11014| [9590] Apache-SSL Client Certificate Forging Vulnerability
11015| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11016| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11017| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11018| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11019| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11020| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11021| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11022| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11023| [8898] Red Hat Apache Directory Index Default Configuration Error
11024| [8883] Apache Cocoon Directory Traversal Vulnerability
11025| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11026| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11027| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11028| [8707] Apache htpasswd Password Entropy Weakness
11029| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11030| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11031| [8226] Apache HTTP Server Multiple Vulnerabilities
11032| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11033| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11034| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11035| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11579| [15422] Apache HTTP Server mod_access information disclosure
11580| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11581| [15293] Apache for Cygwin "
11582| [15065] Apache-SSL has a default password
11583| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11584| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11585| [14751] Apache Mod_python output filter information disclosure
11586| [14125] Apache HTTP Server mod_userdir module information disclosure
11587| [14075] Apache HTTP Server mod_php file descriptor leak
11588| [13703] Apache HTTP Server account
11589| [13689] Apache HTTP Server configuration allows symlinks
11590| [13688] Apache HTTP Server configuration allows SSI
11591| [13687] Apache HTTP Server Server: header value
11592| [13685] Apache HTTP Server ServerTokens value
11593| [13684] Apache HTTP Server ServerSignature value
11594| [13672] Apache HTTP Server config allows directory autoindexing
11595| [13671] Apache HTTP Server default content
11596| [13670] Apache HTTP Server config file directive references outside content root
11597| [13668] Apache HTTP Server httpd not running in chroot environment
11598| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11599| [13664] Apache HTTP Server config file contains ScriptAlias entry
11600| [13663] Apache HTTP Server CGI support modules loaded
11601| [13661] Apache HTTP Server config file contains AddHandler entry
11602| [13660] Apache HTTP Server 500 error page not CGI script
11603| [13659] Apache HTTP Server 413 error page not CGI script
11604| [13658] Apache HTTP Server 403 error page not CGI script
11605| [13657] Apache HTTP Server 401 error page not CGI script
11606| [13552] Apache HTTP Server mod_cgid module information disclosure
11607| [13550] Apache GET request directory traversal
11608| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11609| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11610| [13429] Apache Tomcat non-HTTP request denial of service
11611| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11612| [13295] Apache weak password encryption
11613| [13254] Apache Tomcat .jsp cross-site scripting
11614| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11615| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11616| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11617| [12662] Apache HTTP Server rotatelogs denial of service
11618| [12554] Apache Tomcat stores password in plain text
11619| [12553] Apache HTTP Server redirects and subrequests denial of service
11620| [12552] Apache HTTP Server FTP proxy server denial of service
11621| [12551] Apache HTTP Server prefork MPM denial of service
11622| [12550] Apache HTTP Server weaker than expected encryption
11623| [12549] Apache HTTP Server type-map file denial of service
11624| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11625| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11626| [12091] Apache HTTP Server apr_password_validate denial of service
11627| [12090] Apache HTTP Server apr_psprintf code execution
11628| [11804] Apache HTTP Server mod_access_referer denial of service
11629| [11750] Apache HTTP Server could leak sensitive file descriptors
11630| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11631| [11703] Apache long slash path allows directory listing
11632| [11695] Apache HTTP Server LF (Line Feed) denial of service
11633| [11694] Apache HTTP Server filestat.c denial of service
11634| [11438] Apache HTTP Server MIME message boundaries information disclosure
11635| [11412] Apache HTTP Server error log terminal escape sequence injection
11636| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11637| [11195] Apache Tomcat web.xml could be used to read files
11638| [11194] Apache Tomcat URL appended with a null character could list directories
11639| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11640| [11126] Apache HTTP Server illegal character file disclosure
11641| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11642| [11124] Apache HTTP Server DOS device name denial of service
11643| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11644| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11645| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11646| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11647| [10499] Apache HTTP Server WebDAV HTTP POST view source
11648| [10457] Apache HTTP Server mod_ssl "
11649| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11650| [10414] Apache HTTP Server htdigest multiple buffer overflows
11651| [10413] Apache HTTP Server htdigest temporary file race condition
11652| [10412] Apache HTTP Server htpasswd temporary file race condition
11653| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11654| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11655| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11656| [10280] Apache HTTP Server shared memory scorecard overwrite
11657| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11658| [10241] Apache HTTP Server Host: header cross-site scripting
11659| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11660| [10208] Apache HTTP Server mod_dav denial of service
11661| [10206] HP VVOS Apache mod_ssl denial of service
11662| [10200] Apache HTTP Server stderr denial of service
11663| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11664| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11665| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11666| [10098] Slapper worm targets OpenSSL/Apache systems
11667| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11668| [9875] Apache HTTP Server .var file request could disclose installation path
11669| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11670| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11671| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11672| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11673| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11674| [9396] Apache Tomcat null character to threads denial of service
11675| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11676| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11677| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11678| [8932] Apache Tomcat example class information disclosure
11679| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11680| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11681| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11682| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11683| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11684| [8400] Apache HTTP Server mod_frontpage buffer overflows
11685| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11686| [8308] Apache "
11687| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11688| [8119] Apache and PHP OPTIONS request reveals "
11689| [8054] Apache is running on the system
11690| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11691| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11692| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11693| [7836] Apache HTTP Server log directory denial of service
11694| [7815] Apache for Windows "
11695| [7810] Apache HTTP request could result in unexpected behavior
11696| [7599] Apache Tomcat reveals installation path
11697| [7494] Apache "
11698| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11699| [7363] Apache Web Server hidden HTTP requests
11700| [7249] Apache mod_proxy denial of service
11701| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11702| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11703| [7059] Apache "
11704| [7057] Apache "
11705| [7056] Apache "
11706| [7055] Apache "
11707| [7054] Apache "
11708| [6997] Apache Jakarta Tomcat error message may reveal information
11709| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11710| [6970] Apache crafted HTTP request could reveal the internal IP address
11711| [6921] Apache long slash path allows directory listing
11712| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11713| [6527] Apache Web Server for Windows and OS2 denial of service
11714| [6316] Apache Jakarta Tomcat may reveal JSP source code
11715| [6305] Apache Jakarta Tomcat directory traversal
11716| [5926] Linux Apache symbolic link
11717| [5659] Apache Web server discloses files when used with php script
11718| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11719| [5204] Apache WebDAV directory listings
11720| [5197] Apache Web server reveals CGI script source code
11721| [5160] Apache Jakarta Tomcat default installation
11722| [5099] Trustix Secure Linux installs Apache with world writable access
11723| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11724| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11725| [4931] Apache source.asp example file allows users to write to files
11726| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11727| [4205] Apache Jakarta Tomcat delivers file contents
11728| [2084] Apache on Debian by default serves the /usr/doc directory
11729| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11730| [697] Apache HTTP server beck exploit
11731| [331] Apache cookies buffer overflow
11732|
11733| Exploit-DB - https://www.exploit-db.com:
11734| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
11735| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11736| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11737| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
11738| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
11739| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
11740| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
11741| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
11742| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
11743| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11744| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
11745| [29859] Apache Roller OGNL Injection
11746| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
11747| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
11748| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
11749| [29290] Apache / PHP 5.x Remote Code Execution Exploit
11750| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
11751| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
11752| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
11753| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
11754| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
11755| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
11756| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
11757| [27096] Apache Geronimo 1.0 Error Page XSS
11758| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
11759| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
11760| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
11761| [25986] Plesk Apache Zeroday Remote Exploit
11762| [25980] Apache Struts includeParams Remote Code Execution
11763| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11764| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11765| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11766| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11767| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11768| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11769| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11770| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11771| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11772| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11773| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11774| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11775| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11776| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11777| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11778| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11779| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11780| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11781| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11782| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11783| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11784| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11785| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11786| [21719] Apache 2.0 Path Disclosure Vulnerability
11787| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11788| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11789| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
11790| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
11791| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
11792| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
11793| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
11794| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
11795| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
11796| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
11797| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
11798| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
11799| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
11800| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
11801| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
11802| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
11803| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
11804| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
11805| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
11806| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
11807| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11808| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11809| [20558] Apache 1.2 Web Server DoS Vulnerability
11810| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11811| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11812| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11813| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11814| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11815| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11816| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11817| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11818| [19231] PHP apache_request_headers Function Buffer Overflow
11819| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11820| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11821| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11822| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11823| [18442] Apache httpOnly Cookie Disclosure
11824| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11825| [18221] Apache HTTP Server Denial of Service
11826| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11827| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11828| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11829| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11830| [16782] Apache Win32 Chunked Encoding
11831| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11832| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11833| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11834| [15319] Apache 2.2 (Windows) Local Denial of Service
11835| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11836| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11837| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11838| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11839| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11840| [12330] Apache OFBiz - Multiple XSS
11841| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11842| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11843| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11844| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11845| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11846| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11847| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11848| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11849| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11850| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11851| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11852| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11853| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11854| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11855| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11856| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11857| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11858| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11859| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11860| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11861| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11862| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11863| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11864| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11865| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11866| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11867| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11868| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11869| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11870| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11871| [466] htpasswd Apache 1.3.31 - Local Exploit
11872| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11873| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11874| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11875| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11876| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11877| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11878| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11879| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11880| [9] Apache HTTP Server 2.x Memory Leak Exploit
11881|
11882| OpenVAS (Nessus) - http://www.openvas.org:
11883| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11884| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11885| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11886| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11887| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11888| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11889| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11890| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11891| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11892| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11893| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11894| [900571] Apache APR-Utils Version Detection
11895| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11896| [900496] Apache Tiles Multiple XSS Vulnerability
11897| [900493] Apache Tiles Version Detection
11898| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11899| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11900| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11901| [870175] RedHat Update for apache RHSA-2008:0004-01
11902| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11903| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11904| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11905| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11906| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11907| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11908| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11909| [855821] Solaris Update for Apache 1.3 122912-19
11910| [855812] Solaris Update for Apache 1.3 122911-19
11911| [855737] Solaris Update for Apache 1.3 122911-17
11912| [855731] Solaris Update for Apache 1.3 122912-17
11913| [855695] Solaris Update for Apache 1.3 122911-16
11914| [855645] Solaris Update for Apache 1.3 122912-16
11915| [855587] Solaris Update for kernel update and Apache 108529-29
11916| [855566] Solaris Update for Apache 116973-07
11917| [855531] Solaris Update for Apache 116974-07
11918| [855524] Solaris Update for Apache 2 120544-14
11919| [855494] Solaris Update for Apache 1.3 122911-15
11920| [855478] Solaris Update for Apache Security 114145-11
11921| [855472] Solaris Update for Apache Security 113146-12
11922| [855179] Solaris Update for Apache 1.3 122912-15
11923| [855147] Solaris Update for kernel update and Apache 108528-29
11924| [855077] Solaris Update for Apache 2 120543-14
11925| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11926| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11927| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11928| [841209] Ubuntu Update for apache2 USN-1627-1
11929| [840900] Ubuntu Update for apache2 USN-1368-1
11930| [840798] Ubuntu Update for apache2 USN-1259-1
11931| [840734] Ubuntu Update for apache2 USN-1199-1
11932| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11933| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11934| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11935| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11936| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11937| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11938| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11939| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11940| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11941| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11942| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11943| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11944| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11945| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11946| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11947| [835188] HP-UX Update for Apache HPSBUX02308
11948| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11949| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11950| [835172] HP-UX Update for Apache HPSBUX02365
11951| [835168] HP-UX Update for Apache HPSBUX02313
11952| [835148] HP-UX Update for Apache HPSBUX01064
11953| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11954| [835131] HP-UX Update for Apache HPSBUX00256
11955| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11956| [835104] HP-UX Update for Apache HPSBUX00224
11957| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11958| [835101] HP-UX Update for Apache HPSBUX01232
11959| [835080] HP-UX Update for Apache HPSBUX02273
11960| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11961| [835044] HP-UX Update for Apache HPSBUX01019
11962| [835040] HP-UX Update for Apache PHP HPSBUX00207
11963| [835025] HP-UX Update for Apache HPSBUX00197
11964| [835023] HP-UX Update for Apache HPSBUX01022
11965| [835022] HP-UX Update for Apache HPSBUX02292
11966| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12413| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12414| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12415| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12416| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12417| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12418| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12419|
12420| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
12756| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
12757| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
12758| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
12759| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
12760| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
12761| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
12762| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
12763| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
12764| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
12765| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
12766| [65054] Apache ActiveMQ Jetty Error Handler XSS
12767| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
12768| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
12769| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
12770| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
12771| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
13134| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
13135| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
13136| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
13137| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
13138| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
13139| [32724] Apache mod_python _filter_read Freed Memory Disclosure
13140| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
13141| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
13142| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
13143| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
13144| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
13145| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
13146| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
13147| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
13148| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
13149| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
13150| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
13151| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
13152| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
13153| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
13154| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
13155| [24365] Apache Struts Multiple Function Error Message XSS
13156| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
13157| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
13158| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
13159| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
13160| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
13161| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
13162| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
13163| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
13164| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
13165| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
13166| [22459] Apache Geronimo Error Page XSS
13167| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
13168| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
13169| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
13170| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
13171| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
13172| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
13173| [21021] Apache Struts Error Message XSS
13174| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
13175| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
13176| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
13177| [20439] Apache Tomcat Directory Listing Saturation DoS
13178| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
13179| [20285] Apache HTTP Server Log File Control Character Injection
13180| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
13181| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
13182| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
13183| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
13184| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
13185| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
13186| [19821] Apache Tomcat Malformed Post Request Information Disclosure
13187| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
13188| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
13189| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
13190| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
13191| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
13192| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
13193| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
13194| [18233] Apache HTTP Server htdigest user Variable Overfow
13195| [17738] Apache HTTP Server HTTP Request Smuggling
13196| [16586] Apache HTTP Server Win32 GET Overflow DoS
13197| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
13198| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
13199| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
13200| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
13201| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13202| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13203| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13204| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13205| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13206| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13207| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13208| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13209| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13210| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13211| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13212| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13213| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13214| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13215| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13216| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13217| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13218| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13219| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13220| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13221| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13222| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13223| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13224| [13304] Apache Tomcat realPath.jsp Path Disclosure
13225| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13226| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13227| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13228| [12848] Apache HTTP Server htdigest realm Variable Overflow
13229| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13230| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13231| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13232| [12557] Apache HTTP Server prefork MPM accept Error DoS
13233| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13234| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13235| [12231] Apache Tomcat web.xml Arbitrary File Access
13236| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13237| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13238| [12178] Apache Jakarta Lucene results.jsp XSS
13239| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13240| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13241| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13242| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13243| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13244| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13245| [10471] Apache Xerces-C++ XML Parser DoS
13246| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13247| [10068] Apache HTTP Server htpasswd Local Overflow
13248| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
13249| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
13250| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
13251| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
13252| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
13253| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
13254| [9717] Apache HTTP Server mod_cookies Cookie Overflow
13255| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
13256| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
13257| [9714] Apache Authentication Module Threaded MPM DoS
13258| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
13259| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
13260| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
13261| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
13262| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
13263| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
13264| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
13265| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
13266| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
13267| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
13268| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
13269| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
13270| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
13271| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
13272| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
13273| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
13274| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
13275| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
13276| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
13277| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
13278| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13279| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13280| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13281| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13282| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13283| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13284| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13285| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13286| [9208] Apache Tomcat .jsp Encoded Newline XSS
13287| [9204] Apache Tomcat ROOT Application XSS
13288| [9203] Apache Tomcat examples Application XSS
13289| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13290| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13291| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13292| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13293| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13294| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13295| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13296| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
13297| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
13298| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
13299| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
13300| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
13301| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
13302| [7611] Apache HTTP Server mod_alias Local Overflow
13303| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
13304| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
13305| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
13306| [6882] Apache mod_python Malformed Query String Variant DoS
13307| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
13308| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
13309| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
13310| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
13311| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
13312| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
13313| [5526] Apache Tomcat Long .JSP URI Path Disclosure
13314| [5278] Apache Tomcat web.xml Restriction Bypass
13315| [5051] Apache Tomcat Null Character DoS
13316| [4973] Apache Tomcat servlet Mapping XSS
13317| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
13318| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
13319| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
13320| [4568] mod_survey For Apache ENV Tags SQL Injection
13321| [4553] Apache HTTP Server ApacheBench Overflow DoS
13322| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
13323| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
13324| [4383] Apache HTTP Server Socket Race Condition DoS
13325| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
13326| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
13327| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
13328| [4231] Apache Cocoon Error Page Server Path Disclosure
13329| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
13330| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
13331| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
13332| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
13333| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
13334| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
13335| [3322] mod_php for Apache HTTP Server Process Hijack
13336| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
13337| [2885] Apache mod_python Malformed Query String DoS
13338| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13339| [2733] Apache HTTP Server mod_rewrite Local Overflow
13340| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13341| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13342| [2149] Apache::Gallery Privilege Escalation
13343| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13344| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13345| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13346| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13347| [872] Apache Tomcat Multiple Default Accounts
13348| [862] Apache HTTP Server SSI Error Page XSS
13349| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13350| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13351| [845] Apache Tomcat MSDOS Device XSS
13352| [844] Apache Tomcat Java Servlet Error Page XSS
13353| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13354| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13355| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13356| [775] Apache mod_python Module Importing Privilege Function Execution
13357| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13358| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13359| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13360| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13361| [637] Apache HTTP Server UserDir Directive Username Enumeration
13362| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13363| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13364| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13365| [561] Apache Web Servers mod_status /server-status Information Disclosure
13366| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13367| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13368| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13369| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13370| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13371| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13372| [376] Apache Tomcat contextAdmin Arbitrary File Access
13373| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13374| [222] Apache HTTP Server test-cgi Arbitrary File Access
13375| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13376| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13377|_
110/tcp open pop3 Courier pop3d
13379| vulscan: VulDB - https://vuldb.com:
13380| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
13381| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
13382| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
13383| [50725] e-Courier CMS cross site scripting
13384| [46287] Pre Courier and Cargo Business unknown vulnerability
13385| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
13386| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
13387|
13388| MITRE CVE - https://cve.mitre.org:
13389| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
13390| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
13391| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
13392| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
13393| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
13394| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
13395| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
13396| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
13397| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
13398| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
13399| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
13400| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
13401| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
13402| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
13403| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
13404| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
13405| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
13406| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
13407| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
13408| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
13409| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
13410| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
13411| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
13412| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
13413| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
13414| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
13415| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
13416|
13417| SecurityFocus - https://www.securityfocus.com/bid/:
13418| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
13419| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
13420| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
13421| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
13422| [39838] tpop3d Remote Denial of Service Vulnerability
13423| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
13424| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
13425| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
13426| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
13427| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
13428| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
13429| [15771] Courier Mail Server Unauthorized Access Vulnerability
13430| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
13431| [10976] Courier-IMAP Remote Format String Vulnerability
13432| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
13433| [8495] akpop3d User Name SQL Injection Vulnerability
13434| [8473] Vpop3d Remote Denial Of Service Vulnerability
13435| [6738] Courier-IMAP Username SQL Injection Vulnerability
13436| [6189] Courier SqWebMail File Disclosure Vulnerability
13437| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
13438| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13439| [3990] ZPop3D Bad Login Logging Failure Vulnerability
13440| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
13441|
13442| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13443| [54180] e-Courier CMS multiple scripts cross-site scripting
13444| [54143] e-Courier CMS index.asp cross-site scripting
13445| [47494] Courier Authentication Library Postgres SQL injection
13446| [47436] PRE COURIER &
13447| [43628] Novell OpenSUSE courier-authlib SQL injection
13448| [42950] Courier authentication library username SQL injection
13449| [33805] Gentoo Courier-IMAP command execution
13450| [26998] Courier Mail Server libs/comverp.c usernames denial of service
13451| [26578] Cyrus IMAP pop3d buffer overflow
13452| [23532] Courier Mail Server authentication daemon allows deactivated account access
13453| [21565] Courier Mail Server rfc1035/spf.c denial of service
13454| [17034] Courier-IMAP auth_debug format string attack
13455| [15434] Courier Japanese codeset converter buffer overflow
13456| [13018] akpop3d authentication code SQL injection
13457| [11213] Courier-IMAP authpgsqllib username SQL injection
13458| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
13459| [9228] Courier MTA long year denial of service
13460| [7345] Slackware Linux imapd and ipop3d core dump
13461| [6269] imap, ipop2d and ipop3d buffer overflows
13462| [5923] Linuxconf vpop3d symbolic link
13463| [4918] IPOP3D, Buffer overflow attack
13464| [1560] IPOP3D, user login successful
13465| [1559] IPOP3D user login to remote host successful
13466| [1525] IPOP3D, user logout
13467| [1524] IPOP3D, user auto-logout
13468| [1523] IPOP3D, user login failure
13469| [1522] IPOP3D, brute force attack
13470| [1521] IPOP3D, user kiss of death logout
13471| [418] pop3d mktemp creates insecure temporary files
13472|
13473| Exploit-DB - https://www.exploit-db.com:
13474| [23053] Vpop3d Remote Denial of Service Vulnerability
13475| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13476| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
13477| [11893] tPop3d 1.5.3 DoS
13478| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
13479| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
13480| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
13481| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
13482|
13483| OpenVAS (Nessus) - http://www.openvas.org:
13484| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
13485| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
13486| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
13487| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
13488| [61192] FreeBSD Ports: courier-authlib
13489| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
13490| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
13491| [57001] Debian Security Advisory DSA 1101-1 (courier)
13492| [55972] Debian Security Advisory DSA 917-1 (courier)
13493| [55421] Debian Security Advisory DSA 820-1 (courier)
13494| [55204] Debian Security Advisory DSA 793-1 (courier)
13495| [55165] Debian Security Advisory DSA 784-1 (courier)
13496| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
13497| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
13498| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
13499| [53589] Debian Security Advisory DSA 247-1 (courier)
13500| [53441] Debian Security Advisory DSA 197-1 (courier)
13501| [53222] Debian Security Advisory DSA 533-1 (courier)
13502| [52431] FreeBSD Ports: courier
13503| [52418] FreeBSD Ports: courier-imap
13504|
13505| SecurityTracker - https://www.securitytracker.com:
13506| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
13507| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
13508| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
13509| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
13510| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
13511| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
13512| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
13513|
13514| OSVDB - http://www.osvdb.org:
13515| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
13516| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
13517| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
13518| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
13519| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
13520| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
13521| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
13522| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
13523| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
13524| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
13525| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
13526| [47516] openSUSE courier-authlib Unspecified SQL Injection
13527| [46049] Courier Authentication Library Username SQL Injection
13528| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
13529| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
13530| [26232] Courier Mail Server Crafted Username Encoding DoS
13531| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
13532| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
13533| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
13534| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
13535| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
13536| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
13537| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
13538| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
13539| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
13540| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
13541| [5857] Linux pop3d Arbitrary Mail File Access
13542| [5052] Double Precision Courier MTA Invalid Year DoS
13543| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
13544| [2471] akpop3d username SQL Injection
13545|_
113/tcp closed ident
139/tcp closed netbios-ssn
143/tcp open imap Courier Imapd (released 2017)
13549| vulscan: VulDB - https://vuldb.com:
13550| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
13551| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
13552| [59792] Cyrus IMAPd 2.4.11 weak authentication
13553| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
13554| [50725] e-Courier CMS cross site scripting
13555| [46287] Pre Courier and Cargo Business unknown vulnerability
13556| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
13557| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
13558| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
13559| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
13560|
13561| MITRE CVE - https://cve.mitre.org:
13562| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
13563| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
13564| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
13565| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
13566| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
13567| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
13568| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
13569| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
13570| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
13571| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
13572| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
13573| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
13574| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
13575| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
13576| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
13577| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
13578| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
13579| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
13580| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
13581| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
13582| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
13583| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
13584| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
13585| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
13586| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
13587| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
13588| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
13589| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
13590| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
13591| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
13592| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
13593| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
13594| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
13595| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
13596| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
13597| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
13598| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
13599| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
13600| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
13601| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
13602| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
13603| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
13604| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
13605| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
13606| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
13607| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
13608| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
13609| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
13610| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
13611| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
13612|
13613| SecurityFocus - https://www.securityfocus.com/bid/:
13614| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
13615| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
13616| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
13617| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
13618| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
13619| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
13620| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
13621| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
13622| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
13623| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
13624| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
13625| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
13626| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
13627| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
13628| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
13629| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
13630| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
13631| [15771] Courier Mail Server Unauthorized Access Vulnerability
13632| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
13633| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
13634| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
13635| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
13636| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
13637| [10976] Courier-IMAP Remote Format String Vulnerability
13638| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
13639| [6738] Courier-IMAP Username SQL Injection Vulnerability
13640| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
13641| [6189] Courier SqWebMail File Disclosure Vulnerability
13642| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
13643| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
13644| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13645| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
13646| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
13647| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
13648| [130] imapd Buffer Overflow Vulnerability
13649|
13650| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13651| [70325] Cyrus IMAPd NNTP security bypass
13652| [54180] e-Courier CMS multiple scripts cross-site scripting
13653| [54143] e-Courier CMS index.asp cross-site scripting
13654| [47526] UW-imapd rfc822_output_char() denial of service
13655| [47494] Courier Authentication Library Postgres SQL injection
13656| [47436] PRE COURIER &
13657| [43628] Novell OpenSUSE courier-authlib SQL injection
13658| [42950] Courier authentication library username SQL injection
13659| [33805] Gentoo Courier-IMAP command execution
13660| [26998] Courier Mail Server libs/comverp.c usernames denial of service
13661| [23532] Courier Mail Server authentication daemon allows deactivated account access
13662| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
13663| [21565] Courier Mail Server rfc1035/spf.c denial of service
13664| [19460] Cyrus IMAP imapd buffer overflow
13665| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
13666| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
13667| [17034] Courier-IMAP auth_debug format string attack
13668| [15434] Courier Japanese codeset converter buffer overflow
13669| [11213] Courier-IMAP authpgsqllib username SQL injection
13670| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
13671| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
13672| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
13673| [9228] Courier MTA long year denial of service
13674| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
13675| [7345] Slackware Linux imapd and ipop3d core dump
13676| [573] Imapd denial of service
13677|
13678| Exploit-DB - https://www.exploit-db.com:
13679| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
13680| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
13681| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
13682| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
13683| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
13684| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
13685| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
13686| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
13687| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
13688| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
13689| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
13690| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
13691| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
13692| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
13693| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
13694| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
13695| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
13696| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
13697| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
13698| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
13699| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
13700| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
13701| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
13702| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
13703| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
13704| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
13705| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
13706| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
13707| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
13708| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
13709| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
13710| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
13711| [340] Linux imapd Remote Overflow File Retrieve Exploit
13712|
13713| OpenVAS (Nessus) - http://www.openvas.org:
13714| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
13715| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
13716| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
13717| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
13718| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
13719| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
13720| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
13721| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
13722| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
13723| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
13724| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
13725| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
13726| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
13727| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
13728| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
13729| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
13730| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
13731| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
13732| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
13733| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
13734| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
13735| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
13736| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
13737| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
13738| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
13739| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
13740| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
13741| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
13742| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
13743| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
13744| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
13745| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
13746| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
13747| [66233] SLES10: Security update for Cyrus IMAPD
13748| [66226] SLES11: Security update for Cyrus IMAPD
13749| [66222] SLES9: Security update for Cyrus IMAPD
13750| [65938] SLES10: Security update for Cyrus IMAPD
13751| [65723] SLES11: Security update for Cyrus IMAPD
13752| [65523] SLES9: Security update for Cyrus IMAPD
13753| [65479] SLES9: Security update for cyrus-imapd
13754| [65094] SLES9: Security update for cyrus-imapd
13755| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
13756| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
13757| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
13758| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
13759| [64898] FreeBSD Ports: cyrus-imapd
13760| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
13761| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
13762| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
13763| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
13764| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
13765| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
13766| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
13767| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
13768| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
13769| [61192] FreeBSD Ports: courier-authlib
13770| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
13771| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
13772| [57001] Debian Security Advisory DSA 1101-1 (courier)
13773| [55972] Debian Security Advisory DSA 917-1 (courier)
13774| [55807] Slackware Advisory SSA:2005-310-06 imapd
13775| [55421] Debian Security Advisory DSA 820-1 (courier)
13776| [55204] Debian Security Advisory DSA 793-1 (courier)
13777| [55165] Debian Security Advisory DSA 784-1 (courier)
13778| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
13779| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
13780| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
13781| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
13782| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
13783| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
13784| [53589] Debian Security Advisory DSA 247-1 (courier)
13785| [53441] Debian Security Advisory DSA 197-1 (courier)
13786| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
13787| [53222] Debian Security Advisory DSA 533-1 (courier)
13788| [52431] FreeBSD Ports: courier
13789| [52418] FreeBSD Ports: courier-imap
13790| [52297] FreeBSD Ports: cyrus-imapd
13791| [52296] FreeBSD Ports: cyrus-imapd
13792| [52295] FreeBSD Ports: cyrus-imapd
13793| [52294] FreeBSD Ports: cyrus-imapd
13794| [52172] FreeBSD Ports: cyrus-imapd
13795|
| SecurityTracker - https://www.securitytracker.com:
| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
|
| OSVDB - http://www.osvdb.org:
| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
| [52906] UW-imapd c-client Initial Request Remote Format String
| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
| [47516] openSUSE courier-authlib Unspecified SQL Injection
| [46049] Courier Authentication Library Username SQL Injection
| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
| [26232] Courier Mail Server Crafted Username Encoding DoS
| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
| [13242] UW-imapd CRAM-MD5 Authentication Bypass
| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
| [12042] UoW imapd Multiple Unspecified Overflows
| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
| [5052] Double Precision Courier MTA Invalid Year DoS
| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
| [911] UoW imapd AUTHENTICATE Command Remote Overflow
| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
|_
443/tcp open ssl/http Apache httpd (PleskLin)
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
14180| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
14181| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
14182| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
14183| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
14184| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
14185| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
14186| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
14187| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
14188| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
14189| [113895] Apache Geode up to 1.3.x Code Execution
14190| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
14191| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
14192| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
14193| [113747] Apache Tomcat Servlets privilege escalation
14194| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
14195| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
14196| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
14197| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
14198| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
14199| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
14200| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
14201| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
14202| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
14203| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
14204| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
14205| [112885] Apache Allura up to 1.8.0 File information disclosure
14206| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
14207| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
14208| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
14209| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
14210| [112625] Apache POI up to 3.16 Loop denial of service
14211| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
14212| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
14213| [112339] Apache NiFi 1.5.0 Header privilege escalation
14214| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
14215| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
14216| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
14217| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
14218| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
14219| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
14220| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
14221| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
14222| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
14223| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
14224| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
14225| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
14226| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
14227| [112114] Oracle 9.1 Apache Log4j privilege escalation
14228| [112113] Oracle 9.1 Apache Log4j privilege escalation
14229| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
14230| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
14231| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
14232| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
14233| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
14234| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
14235| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
14236| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
14237| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
14238| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
14239| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
14240| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
14241| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
14242| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
14243| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
14244| [110701] Apache Fineract Query Parameter sql injection
14245| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
14246| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
14247| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
14248| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
14249| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
14250| [110106] Apache CXF Fediz Spring cross site request forgery
14251| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
14252| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
14253| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
14254| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
14255| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
14256| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
14257| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
14258| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
14259| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
14260| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
14261| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
14262| [108938] Apple macOS up to 10.13.1 apache denial of service
14263| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
14264| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
14265| [108935] Apple macOS up to 10.13.1 apache denial of service
14266| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
14267| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
14268| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
14269| [108931] Apple macOS up to 10.13.1 apache denial of service
14270| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
14271| [108929] Apple macOS up to 10.13.1 apache denial of service
14272| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
14273| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
14274| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
14275| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
14276| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
14277| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
14278| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
14279| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
14280| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
14281| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
14282| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
14283| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
14284| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
14285| [108782] Apache Xerces2 XML Service denial of service
14286| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
14287| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
14288| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
14289| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
14290| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
14291| [108629] Apache OFBiz up to 10.04.01 privilege escalation
14292| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
14293| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
14294| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
14295| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
14296| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
14297| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
14298| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
14299| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
14300| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
14301| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
14302| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
14303| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
14304| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
14305| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
14306| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
14307| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
14308| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
14309| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
14310| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
14311| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
14312| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
14313| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
14314| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
14315| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
14316| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
14317| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
14318| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
14319| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
14320| [107639] Apache NiFi 1.4.0 XML External Entity
14321| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
14322| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
14323| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
14324| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
14325| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
14326| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
14327| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
14328| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
14329| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
14330| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
14331| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
14332| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
14333| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
14334| [107197] Apache Xerces Jelly Parser XML File XML External Entity
14335| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
14336| [107084] Apache Struts up to 2.3.19 cross site scripting
14337| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
14338| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
14339| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
14340| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
14341| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
14342| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
14343| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
14344| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
14345| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
14346| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
14347| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
14348| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
14349| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
14350| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
14351| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
14352| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
14353| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
14354| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
14355| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
14356| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
14357| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
14358| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
14359| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
14360| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
14361| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
14362| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
14363| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
14364| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
14365| [105878] Apache Struts up to 2.3.24.0 privilege escalation
14366| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
14367| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
14368| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
14369| [105643] Apache Pony Mail up to 0.8b weak authentication
14370| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
14371| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
14372| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
14373| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
14374| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
14375| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
14376| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
14377| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
14378| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
14379| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
14380| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
14381| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
14382| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
14383| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
14384| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
14385| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
14386| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
14387| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
14388| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
14389| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
14390| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
14391| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
14392| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
14393| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
14394| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
14395| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
14396| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
14397| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
14398| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
14399| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
14400| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
14401| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
14402| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
14403| [103690] Apache OpenMeetings 1.0.0 sql injection
14404| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
14405| [103688] Apache OpenMeetings 1.0.0 weak encryption
14406| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
14407| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
14408| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
14409| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
14410| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
14411| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
14412| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
14413| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
14414| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
14415| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
14416| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
14417| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
14418| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
14419| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
14420| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
14421| [103352] Apache Solr Node weak authentication
14422| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
14423| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
14424| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
14425| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
14426| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
14427| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
14428| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
14429| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
14430| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
14431| [102536] Apache Ranger up to 0.6 Stored cross site scripting
14432| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
14433| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
14434| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
14435| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
14436| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
14437| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
14438| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
14439| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
14440| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
14441| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
14442| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
14443| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
14444| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
14445| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
14446| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
14447| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
14448| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
14449| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
14450| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
14451| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
14452| [99937] Apache Batik up to 1.8 privilege escalation
14453| [99936] Apache FOP up to 2.1 privilege escalation
14454| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
14455| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
14456| [99930] Apache Traffic Server up to 6.2.0 denial of service
14457| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
14458| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
14459| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
14460| [117569] Apache Hadoop up to 2.7.3 privilege escalation
14461| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
14462| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
14463| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
14464| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
14465| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
14466| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
14467| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
14468| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
14469| [99014] Apache Camel Jackson/JacksonXML privilege escalation
14470| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
14471| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
14472| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
14473| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
14474| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
14475| [98605] Apple macOS up to 10.12.3 Apache denial of service
14476| [98604] Apple macOS up to 10.12.3 Apache denial of service
14477| [98603] Apple macOS up to 10.12.3 Apache denial of service
14478| [98602] Apple macOS up to 10.12.3 Apache denial of service
14479| [98601] Apple macOS up to 10.12.3 Apache denial of service
14480| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
14481| [98405] Apache Hadoop up to 0.23.10 privilege escalation
14482| [98199] Apache Camel Validation XML External Entity
14483| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
14484| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
14485| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
14486| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
14487| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
14488| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
14489| [97081] Apache Tomcat HTTPS Request denial of service
14490| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
14491| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
14492| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
14493| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
14494| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
14495| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
14496| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
14497| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
14498| [95311] Apache Storm UI Daemon privilege escalation
14499| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
14500| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
14927| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
14928| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
14929| [8427] Apache Tomcat Session Transaction weak authentication
14930| [63960] Apache Maven 3.0.4 Default Configuration spoofing
14931| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
14932| [63750] Apache qpid up to 0.20 checkAvailable denial of service
14933| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
14934| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
14935| [63747] Apache Rave up to 0.20 User Account information disclosure
14936| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
14937| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
14938| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
14939| [7687] Apache CXF up to 2.7.2 Token weak authentication
14940| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14941| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14942| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
14943| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
14944| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
14945| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
14946| [63090] Apache Tomcat up to 4.1.24 denial of service
14947| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
14948| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
14949| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
14950| [62833] Apache CXF -/2.6.0 spoofing
14951| [62832] Apache Axis2 up to 1.6.2 spoofing
14952| [62831] Apache Axis up to 1.4 Java Message Service spoofing
14953| [62830] Apache Commons-httpclient 3.0 Payments spoofing
14954| [62826] Apache Libcloud up to 0.11.0 spoofing
14955| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
14956| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
14957| [62661] Apache Axis2 unknown vulnerability
14958| [62658] Apache Axis2 unknown vulnerability
14959| [62467] Apache Qpid up to 0.17 denial of service
14960| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
14961| [6301] Apache HTTP Server mod_pagespeed cross site scripting
14962| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
14963| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
14964| [62035] Apache Struts up to 2.3.4 denial of service
14965| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
14966| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
14967| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
14968| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
14969| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
14970| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
14971| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
14972| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
14973| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
14974| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
14975| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
14976| [61229] Apache Sling up to 2.1.1 denial of service
14977| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
14978| [61094] Apache Roller up to 5.0 cross site scripting
14979| [61093] Apache Roller up to 5.0 cross site request forgery
14980| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
14981| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
14982| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
14983| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
14984| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
14985| [60708] Apache Qpid 0.12 unknown vulnerability
14986| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
14987| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
14988| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
14989| [4882] Apache Wicket up to 1.5.4 directory traversal
14990| [4881] Apache Wicket up to 1.4.19 cross site scripting
14991| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
14992| [60352] Apache Struts up to 2.2.3 memory corruption
14993| [60153] Apache Portable Runtime up to 1.4.3 denial of service
14994| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
14995| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
14996| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
14997| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
14998| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
14999| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
15000| [4571] Apache Struts up to 2.3.1.2 privilege escalation
15001| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
15002| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
15003| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
15004| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
15005| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
15006| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
15007| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
15008| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
15009| [59888] Apache Tomcat up to 6.0.6 denial of service
15010| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
15011| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
15012| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
15013| [59850] Apache Geronimo up to 2.2.1 denial of service
15014| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
15015| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
15016| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
15017| [58413] Apache Tomcat up to 6.0.10 spoofing
15018| [58381] Apache Wicket up to 1.4.17 cross site scripting
15019| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
15020| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
15021| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
15022| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
15023| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
15024| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
15025| [57568] Apache Archiva up to 1.3.4 cross site scripting
15026| [57567] Apache Archiva up to 1.3.4 cross site request forgery
15027| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
15028| [4355] Apache HTTP Server APR apr_fnmatch denial of service
15029| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
15030| [57425] Apache Struts up to 2.2.1.1 cross site scripting
15031| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
15032| [57025] Apache Tomcat up to 7.0.11 information disclosure
15033| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
15034| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
15035| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
15036| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
15037| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
15038| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
15039| [56512] Apache Continuum up to 1.4.0 cross site scripting
15040| [4285] Apache Tomcat 5.x JVM getLocale denial of service
15041| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
15042| [4283] Apache Tomcat 5.x ServletContect privilege escalation
15043| [56441] Apache Tomcat up to 7.0.6 denial of service
15044| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
15045| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
15046| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
15047| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
15048| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
15049| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
15050| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
15051| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
15052| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
15053| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
15054| [54693] Apache Traffic Server DNS Cache unknown vulnerability
15055| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
15056| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
15057| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
15058| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
15059| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
15060| [54012] Apache Tomcat up to 6.0.10 denial of service
15061| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
15062| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
15063| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
15064| [52894] Apache Tomcat up to 6.0.7 information disclosure
15065| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
15066| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
15067| [52786] Apache Open For Business Project up to 09.04 cross site scripting
15068| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
15069| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
15070| [52584] Apache CouchDB up to 0.10.1 information disclosure
15071| [51757] Apache HTTP Server 2.0.44 cross site scripting
15072| [51756] Apache HTTP Server 2.0.44 spoofing
15073| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
15074| [51690] Apache Tomcat up to 6.0 directory traversal
15075| [51689] Apache Tomcat up to 6.0 information disclosure
15076| [51688] Apache Tomcat up to 6.0 directory traversal
15077| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
15078| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
15079| [50626] Apache Solr 1.0.0 cross site scripting
15080| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
15081| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
15082| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
15083| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
15084| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
15085| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
15086| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
15087| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
15088| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
15089| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
15090| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
15091| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
15092| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
15093| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
15094| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
15095| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
15096| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
15097| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
15098| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
15099| [47214] Apachefriends xampp 1.6.8 spoofing
15100| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
15101| [47162] Apachefriends XAMPP 1.4.4 weak authentication
15102| [47065] Apache Tomcat 4.1.23 cross site scripting
15103| [46834] Apache Tomcat up to 5.5.20 cross site scripting
15104| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
15105| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
15106| [86625] Apache Struts directory traversal
15107| [44461] Apache Tomcat up to 5.5.0 information disclosure
15108| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
15109| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
15110| [43663] Apache Tomcat up to 6.0.16 directory traversal
15111| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
15112| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
15113| [43516] Apache Tomcat up to 4.1.20 directory traversal
15114| [43509] Apache Tomcat up to 6.0.13 cross site scripting
15115| [42637] Apache Tomcat up to 6.0.16 cross site scripting
15116| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
15117| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
15118| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
15119| [40924] Apache Tomcat up to 6.0.15 information disclosure
15120| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
15121| [40922] Apache Tomcat up to 6.0 information disclosure
15122| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
15123| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
15124| [40656] Apache Tomcat 5.5.20 information disclosure
15125| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
15126| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
15127| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
15128| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
15129| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
15130| [40234] Apache Tomcat up to 6.0.15 directory traversal
15131| [40221] Apache HTTP Server 2.2.6 information disclosure
15132| [40027] David Castro Apache Authcas 0.4 sql injection
15133| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
15134| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
15135| [3414] Apache Tomcat WebDAV Stored privilege escalation
15136| [39489] Apache Jakarta Slide up to 2.1 directory traversal
15137| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
15138| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
15139| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
15140| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
15141| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
15142| [38524] Apache Geronimo 2.0 unknown vulnerability
15143| [3256] Apache Tomcat up to 6.0.13 cross site scripting
15144| [38331] Apache Tomcat 4.1.24 information disclosure
15145| [38330] Apache Tomcat 4.1.24 information disclosure
15146| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
15147| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
15148| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
15149| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
15150| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
15151| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
15152| [37292] Apache Tomcat up to 5.5.1 cross site scripting
15153| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
15154| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
15155| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
15156| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
15157| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
15158| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
15159| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
15160| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
15161| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
15162| [36225] XAMPP Apache Distribution 1.6.0a sql injection
15163| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
15164| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
15165| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
15166| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
15167| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
15168| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
15169| [34252] Apache HTTP Server denial of service
15170| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
15171| [33877] Apache Opentaps 0.9.3 cross site scripting
15172| [33876] Apache Open For Business Project unknown vulnerability
15173| [33875] Apache Open For Business Project cross site scripting
15174| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
15175| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
15176|
15177| MITRE CVE - https://cve.mitre.org:
15178| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
15179| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
15180| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
15181| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
15182| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
15183| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
15184| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
15185| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
15186| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
15187| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
15188| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
15189| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
15190| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
15191| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
15192| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
15193| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
15194| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
15195| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
15196| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
15197| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
15198| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
15199| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
15200| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
15201| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
15202| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
15203| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
15204| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
15205| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
15206| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
15207| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
15208| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
15324| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
15325| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
15326| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
15327| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
15328| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
15329| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
15330| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
15331| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
15332| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
15333| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
15334| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
15335| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
15336| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
15337| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
15338| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
15339| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
15340| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
15341| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15342| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
15343| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
15344| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
15345| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
15346| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
15347| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
15348| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
15349| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
15350| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
15351| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
15352| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
15353| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
15354| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
15355| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
15356| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
15357| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15358| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
15359| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
15360| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
15361| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
15362| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
15363| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
15364| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
15365| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
15366| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
15367| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
15368| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
15369| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
15370| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
15371| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
15372| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
15373| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
15374| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
15375| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
15376| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
15377| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
15378| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
15379| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
15380| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
15381| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
15382| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
15383| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
15384| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
15385| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
15386| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
15387| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
15388| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
15389| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
15390| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
15391| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
15392| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
15393| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
15394| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
15395| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
15396| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
15397| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
15398| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15399| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
15400| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
15401| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
15402| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
15508| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
15509| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
15510| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
15511| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
15512| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
15513| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
15514| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
15515| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
15516| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
15517| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
15518| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
15519| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
15520| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
15521| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
15522| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
15523| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
15524| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
15525| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15526| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15527| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
15528| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
15529| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
15530| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15531| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
15532| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
15533| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
15534| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
15535| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
15536| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
15537| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
15538| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
15539| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
15540| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
15541| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
15542| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
15543| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
15544| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15545| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15546| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
15547| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
15548| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
15549| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
15550| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
15551| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
15552| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
15553| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15554| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
15555| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15556| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
15557| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
15558| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
15559| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15560| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
15561| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15562| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
15563| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
15564| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15565| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
15566| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
15567| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
15568| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
15569| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
15570| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
15571| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
15572| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
15573| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15574| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
15575| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
15576| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
15577| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
15578| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
15579| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
15580| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
15581| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
15582| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
15583| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
15584| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
15585| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
15586| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
15587| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
15588| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
15589| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
15590| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
15591| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
15592| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
15593| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
15594| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
15595| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15596| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15597| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
15598| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
15599| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
15600| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
15601| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
15602| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
15603| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
15604| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
15605| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
15606| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
15607| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
15608| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
15609| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
15610| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
15611| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
15612| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
15613| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
15614| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
15615| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
15616| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
15617| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
15618| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
15619| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
15620| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15621| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15622| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15623| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
15624| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
15625| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
15626| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
15627| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
15628| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
15629| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
15630| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
15631| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
15632| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
15633| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
15634| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
15635| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
15636| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
15637| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
15638| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15639| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15640| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
15641| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
15642| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
15643| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
15644| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
15645| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
15646| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
15647| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
15648| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
15649| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
15650| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
15651| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
15652| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
15653| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
15654| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
15655| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
15656| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
15657| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
15658| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
15659| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
15660| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
15661| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
15662| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
15663| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
15664| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
15665| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15666| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15667| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
15668| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
15669| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
15670| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
15671| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
15672| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
15673| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
15674| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
15675| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
15676| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
15677| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
15678| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
15679| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
15680| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
15681| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
15682| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
15683| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
15684| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
15685| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
15686| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
15687| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
15688| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
15689| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
15690| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
15691| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
15692| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
15693| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
15694| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15695| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
15696| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
15697| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
15698| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
15699| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
15700| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
15701| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
15702| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
15703| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
15704| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
15705| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
15706| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
15707| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
15708| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
15709| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
15710| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
15711| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
15712| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15713| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
15714| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
15715| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
15716| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
15717| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
15718| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
15719| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
15720| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
15721| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
15722| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
15723| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
15724| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
15725| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
15726| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
15727| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
15728| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
15729| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
15730| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
15731| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
15732| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
15733| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
15734| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
15735| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
15736| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
15737| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
15738| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
15739| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
15740| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
15741| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
15742| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
15743| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
15744| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
15745| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
15746| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
15747| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
15748| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
15749| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
15750| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
15751| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
15752| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
15753| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
15754| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
15755| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
15756| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
15757| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
15758| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
15759| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
15760| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
15761| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
15762| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
15763| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
15764| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
15765| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
15766| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
15767| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
15768| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
15769| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
15770| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
15771| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
15772| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
15773| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
15774| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
15775| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
15776| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
15777| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
15778| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
15779| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
15780| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15781| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
15782| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
15783| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
15784| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
15785| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
15786| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
15787|
15788| SecurityFocus - https://www.securityfocus.com/bid/:
15789| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
15790| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
15791| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
15792| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
15793| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
15794| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
15795| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
15796| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
15797| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
15798| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
15799| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
15800| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
15801| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
15802| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
15803| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
15804| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
15805| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
15806| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
15807| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
15808| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
15809| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
15810| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
15811| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
15812| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
15813| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
15814| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
15815| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
15816| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
15817| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
15818| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
15819| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
15820| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
15821| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
15822| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
15823| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
15824| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
15825| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
15826| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
15827| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
15828| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
15829| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
15830| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
15831| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
15832| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
15833| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
15834| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
15835| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
15836| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
15837| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
15838| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
15839| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
15840| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
15841| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
15842| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
15843| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
15844| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
15845| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
15846| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
15847| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
15848| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
15849| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
15850| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
15851| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
15852| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
15853| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
15854| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
15855| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
15856| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
15857| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
15858| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
15859| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
15860| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
15861| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
15862| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
15863| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
15864| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
15865| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
15866| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
15867| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
15868| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
15869| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
15870| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
15871| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
15872| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
15873| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
15874| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
15875| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
15876| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
15877| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
15878| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
15879| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
15880| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
15881| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
15882| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
15883| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
15884| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
15885| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
15886| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
15887| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
15888| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
15889| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
15890| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
15891| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
15892| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
15893| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
15894| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
15895| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
15896| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
15897| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
15898| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
15899| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
15900| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
15901| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
15902| [100447] Apache2Triad Multiple Security Vulnerabilities
15903| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
15904| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
15905| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
15906| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
15907| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
15908| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
15909| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
15910| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
15911| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
15912| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
15913| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
15914| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
15915| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
15916| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
15917| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
15918| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
15919| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
15920| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
15921| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
15922| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
16352| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
16353| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
16354| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
16355| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
16356| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
16357| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
16358| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
16359| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
16360| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
16361| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
16362| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
16363| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
16364| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
16365| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
16366| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
16367| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
16368| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
16369| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
16370| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
16371| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
16372| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
16373| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
16374| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
16375| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
16376| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
16377| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
16378| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
16379| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
16380| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
16381| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
16382| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
16383| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
16384| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
16385| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
16386| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
16387| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
16388| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
16389| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
16390| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
16391| [54798] Apache Libcloud Man In The Middle Vulnerability
16392| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
16393| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
16394| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
16395| [54189] Apache Roller Cross Site Request Forgery Vulnerability
16396| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
16397| [53880] Apache CXF Child Policies Security Bypass Vulnerability
16398| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
16399| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
16400| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
16401| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
16402| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
16403| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
16404| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
16405| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
16406| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
16407| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
16408| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
16409| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
16410| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
16411| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
16412| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
16413| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
16414| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
16415| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
16416| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
16417| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
16418| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
16419| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
16420| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
16421| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
16422| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
16423| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
16424| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
16425| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
16426| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
16427| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
16428| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
16429| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
16430| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
16431| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
16432| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
16433| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
16434| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
16435| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
16436| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
16437| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
16438| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
16439| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
16440| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
16441| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
16442| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
16443| [49290] Apache Wicket Cross Site Scripting Vulnerability
16444| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
16445| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
16446| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
16447| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
16448| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
16449| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
16450| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
16451| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
16452| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
16453| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
16454| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
16455| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
16456| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
16457| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
16458| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
16459| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
16460| [46953] Apache MPM-ITK Module Security Weakness
16461| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
16462| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
16463| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
16464| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
16465| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
16466| [46166] Apache Tomcat JVM Denial of Service Vulnerability
16467| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
16468| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
16469| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
16470| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
16471| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
16472| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
16473| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
16474| [44616] Apache Shiro Directory Traversal Vulnerability
16475| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
16476| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
16477| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
16478| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
16479| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
16480| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
16481| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
16482| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
16483| [42492] Apache CXF XML DTD Processing Security Vulnerability
16484| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
16485| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
16486| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
16487| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
16488| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
16489| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
16490| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
16491| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
16492| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
16493| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
16494| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
16495| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
16496| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
16497| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
16498| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
16499| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
16500| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
16501| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
16502| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
16503| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
16504| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
16505| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
16506| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
16507| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
16508| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
16509| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
16510| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
16511| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
16512| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
16513| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
16514| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
16515| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
16516| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
16517| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
16518| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
16519| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
16520| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
16521| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
16522| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
16523| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
16524| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
16525| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
16526| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
16527| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
16528| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
16529| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
16530| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
16531| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
16532| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
16533| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16534| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
16535| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
16536| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
16537| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
16538| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
16539| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
16540| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
16541| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
16542| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
16543| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
16544| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
16545| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
16546| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
16547| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
16548| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
16549| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
16550| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
16551| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
16552| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
16553| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
16554| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16555| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
16556| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16557| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
16558| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
16559| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
16560| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
16561| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
16562| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16563| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
16564| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
16565| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
16566| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
16567| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
16568| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
16569| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
16570| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
16571| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
16572| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
16573| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
16574| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
16575| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
16576| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
16577| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
16578| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
16579| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
16580| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
16581| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
16582| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
16583| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
16584| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
16585| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
16586| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16587| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
16588| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
16589| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
16590| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
16591| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
16592| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
16593| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
16594| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
16595| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
16596| [20527] Apache Mod_TCL Remote Format String Vulnerability
16597| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
16598| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
16599| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
16600| [19106] Apache Tomcat Information Disclosure Vulnerability
16601| [18138] Apache James SMTP Denial Of Service Vulnerability
16602| [17342] Apache Struts Multiple Remote Vulnerabilities
16603| [17095] Apache Log4Net Denial Of Service Vulnerability
16604| [16916] Apache mod_python FileSession Code Execution Vulnerability
16605| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
16606| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
16607| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
16608| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
16609| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
16610| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
16611| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
16612| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
16613| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
16614| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
16615| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
16616| [15177] PHP Apache 2 Local Denial of Service Vulnerability
16617| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
16618| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
16619| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
16620| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
16621| [14106] Apache HTTP Request Smuggling Vulnerability
16622| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
16623| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
16624| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
16625| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
16626| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
16627| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
16628| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
16629| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
16630| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
16631| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
16632| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
16633| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
16634| [11471] Apache mod_include Local Buffer Overflow Vulnerability
16635| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
16636| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
16637| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
16638| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
16639| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
16640| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
16641| [11094] Apache mod_ssl Denial Of Service Vulnerability
16642| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
16643| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
16644| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
16645| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
16646| [10478] ClueCentral Apache Suexec Patch Security Weakness
16647| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
16648| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
16649| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
16650| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
16651| [9921] Apache Connection Blocking Denial Of Service Vulnerability
16652| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
16653| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
16654| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
16655| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
16656| [9733] Apache Cygwin Directory Traversal Vulnerability
16657| [9599] Apache mod_php Global Variables Information Disclosure Weakness
16658| [9590] Apache-SSL Client Certificate Forging Vulnerability
16659| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
16660| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
16661| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
16662| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
16663| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
16664| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
16665| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
16666| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
16667| [8898] Red Hat Apache Directory Index Default Configuration Error
16668| [8883] Apache Cocoon Directory Traversal Vulnerability
16669| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
16670| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
16671| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
16672| [8707] Apache htpasswd Password Entropy Weakness
16673| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
16674| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
16675| [8226] Apache HTTP Server Multiple Vulnerabilities
16676| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
16677| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
16678| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
16679| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
16680| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
16681| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
16682| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
16683| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
16684| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
16685| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
16686| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
16687| [7255] Apache Web Server File Descriptor Leakage Vulnerability
16688| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
16689| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
16690| [6939] Apache Web Server ETag Header Information Disclosure Weakness
16691| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
16692| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
16693| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
16694| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
16695| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
16696| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
16697| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
16698| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
16699| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
16700| [6117] Apache mod_php File Descriptor Leakage Vulnerability
16701| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
16702| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
16703| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
16704| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
16705| [5992] Apache HTDigest Insecure Temporary File Vulnerability
16706| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
16707| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
16708| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
16709| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
16710| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
16711| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16712| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
16713| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
16714| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
16715| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
16716| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16717| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
16718| [5485] Apache 2.0 Path Disclosure Vulnerability
16719| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16720| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
16721| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
16722| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
16723| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
16724| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
16725| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
16726| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
16727| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
16728| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
16729| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
16730| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
16731| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
16732| [4437] Apache Error Message Cross-Site Scripting Vulnerability
16733| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
16734| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
16735| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
16736| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
16737| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
16738| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
16739| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
16740| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
16741| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
16742| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
16743| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
16744| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
16745| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
16746| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
16747| [3596] Apache Split-Logfile File Append Vulnerability
16748| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
16749| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
16750| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
16751| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
16752| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
16753| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
16754| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
16755| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
16756| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
16757| [3169] Apache Server Address Disclosure Vulnerability
16758| [3009] Apache Possible Directory Index Disclosure Vulnerability
16759| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
16760| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
16761| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
16762| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
16763| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
16764| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
16765| [2216] Apache Web Server DoS Vulnerability
16766| [2182] Apache /tmp File Race Vulnerability
16767| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
16768| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
16769| [1821] Apache mod_cookies Buffer Overflow Vulnerability
16770| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
16771| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
16772| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
16773| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
16774| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
16775| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
16776| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
16777| [1457] Apache::ASP source.asp Example Script Vulnerability
16778| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
16779| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
16780|
16781| IBM X-Force - https://exchange.xforce.ibmcloud.com:
16782| [86258] Apache CloudStack text fields cross-site scripting
16783| [85983] Apache Subversion mod_dav_svn module denial of service
16784| [85875] Apache OFBiz UEL code execution
16785| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
16786| [85871] Apache HTTP Server mod_session_dbd unspecified
16787| [85756] Apache Struts OGNL expression command execution
16788| [85755] Apache Struts DefaultActionMapper class open redirect
16789| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
16790| [85574] Apache HTTP Server mod_dav denial of service
16791| [85573] Apache Struts Showcase App OGNL code execution
16792| [85496] Apache CXF denial of service
16793| [85423] Apache Geronimo RMI classloader code execution
16794| [85326] Apache Santuario XML Security for C++ buffer overflow
16795| [85323] Apache Santuario XML Security for Java spoofing
16796| [85319] Apache Qpid Python client SSL spoofing
16797| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
16798| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
16799| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
16800| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
16801| [84952] Apache Tomcat CVE-2012-3544 denial of service
16802| [84763] Apache Struts CVE-2013-2135 security bypass
16803| [84762] Apache Struts CVE-2013-2134 security bypass
16804| [84719] Apache Subversion CVE-2013-2088 command execution
16805| [84718] Apache Subversion CVE-2013-2112 denial of service
16806| [84717] Apache Subversion CVE-2013-1968 denial of service
16807| [84577] Apache Tomcat security bypass
16808| [84576] Apache Tomcat symlink
16809| [84543] Apache Struts CVE-2013-2115 security bypass
16810| [84542] Apache Struts CVE-2013-1966 security bypass
16811| [84154] Apache Tomcat session hijacking
16812| [84144] Apache Tomcat denial of service
16813| [84143] Apache Tomcat information disclosure
16814| [84111] Apache HTTP Server command execution
16815| [84043] Apache Virtual Computing Lab cross-site scripting
16816| [84042] Apache Virtual Computing Lab cross-site scripting
16817| [83782] Apache CloudStack information disclosure
16818| [83781] Apache CloudStack security bypass
16819| [83720] Apache ActiveMQ cross-site scripting
16820| [83719] Apache ActiveMQ denial of service
16821| [83718] Apache ActiveMQ denial of service
16822| [83263] Apache Subversion denial of service
16823| [83262] Apache Subversion denial of service
16824| [83261] Apache Subversion denial of service
16825| [83259] Apache Subversion denial of service
16826| [83035] Apache mod_ruid2 security bypass
16827| [82852] Apache Qpid federation_tag security bypass
16828| [82851] Apache Qpid qpid::framing::Buffer denial of service
16829| [82758] Apache Rave User RPC API information disclosure
16830| [82663] Apache Subversion svn_fs_file_length() denial of service
16831| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
16832| [82641] Apache Qpid AMQP denial of service
16833| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
16834| [82618] Apache Commons FileUpload symlink
16835| [82360] Apache HTTP Server manager interface cross-site scripting
16836| [82359] Apache HTTP Server hostnames cross-site scripting
16837| [82338] Apache Tomcat log/logdir information disclosure
16838| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
16839| [82268] Apache OpenJPA deserialization command execution
16840| [81981] Apache CXF UsernameTokens security bypass
16841| [81980] Apache CXF WS-Security security bypass
16842| [81398] Apache OFBiz cross-site scripting
16843| [81240] Apache CouchDB directory traversal
16844| [81226] Apache CouchDB JSONP code execution
16845| [81225] Apache CouchDB Futon user interface cross-site scripting
16846| [81211] Apache Axis2/C SSL spoofing
16847| [81167] Apache CloudStack DeployVM information disclosure
16848| [81166] Apache CloudStack AddHost API information disclosure
16849| [81165] Apache CloudStack createSSHKeyPair API information disclosure
16850| [80518] Apache Tomcat cross-site request forgery security bypass
16851| [80517] Apache Tomcat FormAuthenticator security bypass
16852| [80516] Apache Tomcat NIO denial of service
16853| [80408] Apache Tomcat replay-countermeasure security bypass
16854| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
16855| [80317] Apache Tomcat slowloris denial of service
16856| [79984] Apache Commons HttpClient SSL spoofing
16857| [79983] Apache CXF SSL spoofing
16858| [79830] Apache Axis2/Java SSL spoofing
16859| [79829] Apache Axis SSL spoofing
16860| [79809] Apache Tomcat DIGEST security bypass
16861| [79806] Apache Tomcat parseHeaders() denial of service
16862| [79540] Apache OFBiz unspecified
16863| [79487] Apache Axis2 SAML security bypass
16864| [79212] Apache Cloudstack code execution
16865| [78734] Apache CXF SOAP Action security bypass
16866| [78730] Apache Qpid broker denial of service
16867| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
16868| [78563] Apache mod_pagespeed module unspecified cross-site scripting
16869| [78562] Apache mod_pagespeed module security bypass
16870| [78454] Apache Axis2 security bypass
16871| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
16872| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
16873| [78321] Apache Wicket unspecified cross-site scripting
16874| [78183] Apache Struts parameters denial of service
16875| [78182] Apache Struts cross-site request forgery
16876| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
16877| [77987] mod_rpaf module for Apache denial of service
16878| [77958] Apache Struts skill name code execution
16879| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
16880| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
16881| [77568] Apache Qpid broker security bypass
16882| [77421] Apache Libcloud spoofing
16883| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
16884| [77046] Oracle Solaris Apache HTTP Server information disclosure
16885| [76837] Apache Hadoop information disclosure
16886| [76802] Apache Sling CopyFrom denial of service
16887| [76692] Apache Hadoop symlink
16888| [76535] Apache Roller console cross-site request forgery
16889| [76534] Apache Roller weblog cross-site scripting
16890| [76152] Apache CXF elements security bypass
16891| [76151] Apache CXF child policies security bypass
16892| [75983] MapServer for Windows Apache file include
16893| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
16894| [75558] Apache POI denial of service
16895| [75545] PHP apache_request_headers() buffer overflow
16896| [75302] Apache Qpid SASL security bypass
16897| [75211] Debian GNU/Linux apache 2 cross-site scripting
16898| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
16899| [74871] Apache OFBiz FlexibleStringExpander code execution
16900| [74870] Apache OFBiz multiple cross-site scripting
16901| [74750] Apache Hadoop unspecified spoofing
16902| [74319] Apache Struts XSLTResult.java file upload
16903| [74313] Apache Traffic Server header buffer overflow
16904| [74276] Apache Wicket directory traversal
16905| [74273] Apache Wicket unspecified cross-site scripting
16906| [74181] Apache HTTP Server mod_fcgid module denial of service
16907| [73690] Apache Struts OGNL code execution
16908| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
16909| [73100] Apache MyFaces in directory traversal
16910| [73096] Apache APR hash denial of service
16911| [73052] Apache Struts name cross-site scripting
16912| [73030] Apache CXF UsernameToken security bypass
16913| [72888] Apache Struts lastName cross-site scripting
16914| [72758] Apache HTTP Server httpOnly information disclosure
16915| [72757] Apache HTTP Server MPM denial of service
16916| [72585] Apache Struts ParameterInterceptor security bypass
16917| [72438] Apache Tomcat Digest security bypass
16918| [72437] Apache Tomcat Digest security bypass
16919| [72436] Apache Tomcat DIGEST security bypass
16920| [72425] Apache Tomcat parameter denial of service
16921| [72422] Apache Tomcat request object information disclosure
16922| [72377] Apache HTTP Server scoreboard security bypass
16923| [72345] Apache HTTP Server HTTP request denial of service
16924| [72229] Apache Struts ExceptionDelegator command execution
16925| [72089] Apache Struts ParameterInterceptor directory traversal
16926| [72088] Apache Struts CookieInterceptor command execution
16927| [72047] Apache Geronimo hash denial of service
16928| [72016] Apache Tomcat hash denial of service
16929| [71711] Apache Struts OGNL expression code execution
16930| [71654] Apache Struts interfaces security bypass
16931| [71620] Apache ActiveMQ failover denial of service
16932| [71617] Apache HTTP Server mod_proxy module information disclosure
16933| [71508] Apache MyFaces EL security bypass
16934| [71445] Apache HTTP Server mod_proxy security bypass
16935| [71203] Apache Tomcat servlets privilege escalation
16936| [71181] Apache HTTP Server ap_pregsub() denial of service
16937| [71093] Apache HTTP Server ap_pregsub() buffer overflow
16938| [70336] Apache HTTP Server mod_proxy information disclosure
16939| [69804] Apache HTTP Server mod_proxy_ajp denial of service
16940| [69472] Apache Tomcat AJP security bypass
16941| [69396] Apache HTTP Server ByteRange filter denial of service
16942| [69394] Apache Wicket multi window support cross-site scripting
16943| [69176] Apache Tomcat XML information disclosure
16944| [69161] Apache Tomcat jsvc information disclosure
16945| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
16946| [68541] Apache Tomcat sendfile information disclosure
16947| [68420] Apache XML Security denial of service
16948| [68238] Apache Tomcat JMX information disclosure
16949| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
16950| [67804] Apache Subversion control rules information disclosure
16951| [67803] Apache Subversion control rules denial of service
16952| [67802] Apache Subversion baselined denial of service
16953| [67672] Apache Archiva multiple cross-site scripting
16954| [67671] Apache Archiva multiple cross-site request forgery
16955| [67564] Apache APR apr_fnmatch() denial of service
16956| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
16957| [67515] Apache Tomcat annotations security bypass
16958| [67480] Apache Struts s:submit information disclosure
16959| [67414] Apache APR apr_fnmatch() denial of service
16960| [67356] Apache Struts javatemplates cross-site scripting
16961| [67354] Apache Struts Xwork cross-site scripting
16962| [66676] Apache Tomcat HTTP BIO information disclosure
16963| [66675] Apache Tomcat web.xml security bypass
16964| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
16965| [66241] Apache HttpComponents information disclosure
16966| [66154] Apache Tomcat ServletSecurity security bypass
16967| [65971] Apache Tomcat ServletSecurity security bypass
16968| [65876] Apache Subversion mod_dav_svn denial of service
16969| [65343] Apache Continuum unspecified cross-site scripting
16970| [65162] Apache Tomcat NIO connector denial of service
16971| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
16972| [65160] Apache Tomcat HTML Manager interface cross-site scripting
16973| [65159] Apache Tomcat ServletContect security bypass
16974| [65050] Apache CouchDB web-based administration UI cross-site scripting
16975| [64773] Oracle HTTP Server Apache Plugin unauthorized access
16976| [64473] Apache Subversion blame -g denial of service
16977| [64472] Apache Subversion walk() denial of service
16978| [64407] Apache Axis2 CVE-2010-0219 code execution
16979| [63926] Apache Archiva password privilege escalation
16980| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
16981| [63493] Apache Archiva credentials cross-site request forgery
16982| [63477] Apache Tomcat HttpOnly session hijacking
16983| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
16984| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
16985| [62959] Apache Shiro filters security bypass
16986| [62790] Apache Perl cgi module denial of service
16987| [62576] Apache Qpid exchange denial of service
16988| [62575] Apache Qpid AMQP denial of service
16989| [62354] Apache Qpid SSL denial of service
16990| [62235] Apache APR-util apr_brigade_split_line() denial of service
16991| [62181] Apache XML-RPC SAX Parser information disclosure
16992| [61721] Apache Traffic Server cache poisoning
16993| [61202] Apache Derby BUILTIN authentication functionality information disclosure
16994| [61186] Apache CouchDB Futon cross-site request forgery
16995| [61169] Apache CXF DTD denial of service
16996| [61070] Apache Jackrabbit search.jsp SQL injection
16997| [61006] Apache SLMS Quoting cross-site request forgery
16998| [60962] Apache Tomcat time cross-site scripting
16999| [60883] Apache mod_proxy_http information disclosure
17000| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
17001| [60264] Apache Tomcat Transfer-Encoding denial of service
17002| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
17003| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
17004| [59413] Apache mod_proxy_http timeout information disclosure
17005| [59058] Apache MyFaces unencrypted view state cross-site scripting
17006| [58827] Apache Axis2 xsd file include
17007| [58790] Apache Axis2 modules cross-site scripting
17008| [58299] Apache ActiveMQ queueBrowse cross-site scripting
17009| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
17010| [58056] Apache ActiveMQ .jsp source code disclosure
17011| [58055] Apache Tomcat realm name information disclosure
17012| [58046] Apache HTTP Server mod_auth_shadow security bypass
17013| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
17014| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
17015| [57429] Apache CouchDB algorithms information disclosure
17016| [57398] Apache ActiveMQ Web console cross-site request forgery
17017| [57397] Apache ActiveMQ createDestination.action cross-site scripting
17018| [56653] Apache HTTP Server DNS spoofing
17019| [56652] Apache HTTP Server DNS cross-site scripting
17020| [56625] Apache HTTP Server request header information disclosure
17021| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
17022| [56623] Apache HTTP Server mod_proxy_ajp denial of service
17023| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
17024| [55857] Apache Tomcat WAR files directory traversal
17025| [55856] Apache Tomcat autoDeploy attribute security bypass
17026| [55855] Apache Tomcat WAR directory traversal
17027| [55210] Intuit component for Joomla! Apache information disclosure
17028| [54533] Apache Tomcat 404 error page cross-site scripting
17029| [54182] Apache Tomcat admin default password
17030| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
17031| [53666] Apache HTTP Server Solaris pollset support denial of service
17032| [53650] Apache HTTP Server HTTP basic-auth module security bypass
17033| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
17034| [53041] mod_proxy_ftp module for Apache denial of service
17035| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
17036| [51953] Apache Tomcat Path Disclosure
17037| [51952] Apache Tomcat Path Traversal
17038| [51951] Apache stronghold-status Information Disclosure
17039| [51950] Apache stronghold-info Information Disclosure
17040| [51949] Apache PHP Source Code Disclosure
17041| [51948] Apache Multiviews Attack
17042| [51946] Apache JServ Environment Status Information Disclosure
17043| [51945] Apache error_log Information Disclosure
17044| [51944] Apache Default Installation Page Pattern Found
17045| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
17046| [51942] Apache AXIS XML External Entity File Retrieval
17047| [51941] Apache AXIS Sample Servlet Information Leak
17048| [51940] Apache access_log Information Disclosure
17049| [51626] Apache mod_deflate denial of service
17050| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
17051| [51365] Apache Tomcat RequestDispatcher security bypass
17052| [51273] Apache HTTP Server Incomplete Request denial of service
17053| [51195] Apache Tomcat XML information disclosure
17054| [50994] Apache APR-util xml/apr_xml.c denial of service
17055| [50993] Apache APR-util apr_brigade_vprintf denial of service
17056| [50964] Apache APR-util apr_strmatch_precompile() denial of service
17057| [50930] Apache Tomcat j_security_check information disclosure
17058| [50928] Apache Tomcat AJP denial of service
17059| [50884] Apache HTTP Server XML ENTITY denial of service
17060| [50808] Apache HTTP Server AllowOverride privilege escalation
17061| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
17062| [50059] Apache mod_proxy_ajp information disclosure
17063| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
17064| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
17065| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
17066| [49921] Apache ActiveMQ Web interface cross-site scripting
17067| [49898] Apache Geronimo Services/Repository directory traversal
17068| [49725] Apache Tomcat mod_jk module information disclosure
17069| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
17070| [49712] Apache Struts unspecified cross-site scripting
17071| [49213] Apache Tomcat cal2.jsp cross-site scripting
17072| [48934] Apache Tomcat POST doRead method information disclosure
17073| [48211] Apache Tomcat header HTTP request smuggling
17074| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
17075| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
17076| [47709] Apache Roller "
17077| [47104] Novell Netware ApacheAdmin console security bypass
17078| [47086] Apache HTTP Server OS fingerprinting unspecified
17079| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
17080| [45791] Apache Tomcat RemoteFilterValve security bypass
17081| [44435] Oracle WebLogic Apache Connector buffer overflow
17082| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
17083| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
17084| [44156] Apache Tomcat RequestDispatcher directory traversal
17085| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
17086| [43885] Oracle WebLogic Server Apache Connector buffer overflow
17087| [42987] Apache HTTP Server mod_proxy module denial of service
17088| [42915] Apache Tomcat JSP files path disclosure
17089| [42914] Apache Tomcat MS-DOS path disclosure
17090| [42892] Apache Tomcat unspecified unauthorized access
17091| [42816] Apache Tomcat Host Manager cross-site scripting
17092| [42303] Apache 403 error cross-site scripting
17093| [41618] Apache-SSL ExpandCert() authentication bypass
17094| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
17095| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
17096| [40614] Apache mod_jk2 HTTP Host header buffer overflow
17097| [40562] Apache Geronimo init information disclosure
17098| [40478] Novell Web Manager webadmin-apache.conf security bypass
17099| [40411] Apache Tomcat exception handling information disclosure
17100| [40409] Apache Tomcat native (APR based) connector weak security
17101| [40403] Apache Tomcat quotes and %5C cookie information disclosure
17102| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
17103| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
17104| [39867] Apache HTTP Server mod_negotiation cross-site scripting
17105| [39804] Apache Tomcat SingleSignOn information disclosure
17106| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
17107| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
17108| [39608] Apache HTTP Server balancer manager cross-site request forgery
17109| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
17110| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
17111| [39472] Apache HTTP Server mod_status cross-site scripting
17112| [39201] Apache Tomcat JULI logging weak security
17113| [39158] Apache HTTP Server Windows SMB shares information disclosure
17114| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
17115| [38951] Apache::AuthCAS Perl module cookie SQL injection
17116| [38800] Apache HTTP Server 413 error page cross-site scripting
17117| [38211] Apache Geronimo SQLLoginModule authentication bypass
17118| [37243] Apache Tomcat WebDAV directory traversal
17119| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
17120| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
17121| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
17122| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
17123| [36782] Apache Geronimo MEJB unauthorized access
17124| [36586] Apache HTTP Server UTF-7 cross-site scripting
17125| [36468] Apache Geronimo LoginModule security bypass
17126| [36467] Apache Tomcat functions.jsp cross-site scripting
17127| [36402] Apache Tomcat calendar cross-site request forgery
17128| [36354] Apache HTTP Server mod_proxy module denial of service
17129| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
17130| [36336] Apache Derby lock table privilege escalation
17131| [36335] Apache Derby schema privilege escalation
17132| [36006] Apache Tomcat "
17133| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
17134| [35999] Apache Tomcat \"
17135| [35795] Apache Tomcat CookieExample cross-site scripting
17136| [35536] Apache Tomcat SendMailServlet example cross-site scripting
17137| [35384] Apache HTTP Server mod_cache module denial of service
17138| [35097] Apache HTTP Server mod_status module cross-site scripting
17139| [35095] Apache HTTP Server Prefork MPM module denial of service
17140| [34984] Apache HTTP Server recall_headers information disclosure
17141| [34966] Apache HTTP Server MPM content spoofing
17142| [34965] Apache HTTP Server MPM information disclosure
17143| [34963] Apache HTTP Server MPM multiple denial of service
17144| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
17145| [34869] Apache Tomcat JSP example Web application cross-site scripting
17146| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
17147| [34496] Apache Tomcat JK Connector security bypass
17148| [34377] Apache Tomcat hello.jsp cross-site scripting
17149| [34212] Apache Tomcat SSL configuration security bypass
17150| [34210] Apache Tomcat Accept-Language cross-site scripting
17151| [34209] Apache Tomcat calendar application cross-site scripting
17152| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
17153| [34167] Apache Axis WSDL file path disclosure
17154| [34068] Apache Tomcat AJP connector information disclosure
17155| [33584] Apache HTTP Server suEXEC privilege escalation
17156| [32988] Apache Tomcat proxy module directory traversal
17157| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
17158| [32708] Debian Apache tty privilege escalation
17159| [32441] ApacheStats extract() PHP call unspecified
17160| [32128] Apache Tomcat default account
17161| [31680] Apache Tomcat RequestParamExample cross-site scripting
17162| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
17163| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
17164| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
17165| [30456] Apache mod_auth_kerb off-by-one buffer overflow
17166| [29550] Apache mod_tcl set_var() format string
17167| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
17168| [28357] Apache HTTP Server mod_alias script source information disclosure
17169| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
17673| [100813] Apache Axis2 Detection
17674| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
17675| [100795] Apache Derby Detection
17676| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
17677| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
17678| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
17679| [100514] Apache Multiple Security Vulnerabilities
17680| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
17681| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
17682| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
17683| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
17684| [72626] Debian Security Advisory DSA 2579-1 (apache2)
17685| [72612] FreeBSD Ports: apache22
17686| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
17687| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
17688| [71512] FreeBSD Ports: apache
17689| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
17690| [71256] Debian Security Advisory DSA 2452-1 (apache2)
17691| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
17692| [70737] FreeBSD Ports: apache
17693| [70724] Debian Security Advisory DSA 2405-1 (apache2)
17694| [70600] FreeBSD Ports: apache
17695| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
17696| [70235] Debian Security Advisory DSA 2298-2 (apache2)
17697| [70233] Debian Security Advisory DSA 2298-1 (apache2)
17698| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
17699| [69338] Debian Security Advisory DSA 2202-1 (apache2)
17700| [67868] FreeBSD Ports: apache
17701| [66816] FreeBSD Ports: apache
17702| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
17703| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
17704| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
17705| [66081] SLES11: Security update for Apache 2
17706| [66074] SLES10: Security update for Apache 2
17707| [66070] SLES9: Security update for Apache 2
17708| [65998] SLES10: Security update for apache2-mod_python
17709| [65893] SLES10: Security update for Apache 2
17710| [65888] SLES10: Security update for Apache 2
17711| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
17712| [65510] SLES9: Security update for Apache 2
17713| [65472] SLES9: Security update for Apache
17714| [65467] SLES9: Security update for Apache
17715| [65450] SLES9: Security update for apache2
17716| [65390] SLES9: Security update for Apache2
17717| [65363] SLES9: Security update for Apache2
17718| [65309] SLES9: Security update for Apache and mod_ssl
17719| [65296] SLES9: Security update for webdav apache module
17720| [65283] SLES9: Security update for Apache2
17721| [65249] SLES9: Security update for Apache 2
17722| [65230] SLES9: Security update for Apache 2
17723| [65228] SLES9: Security update for Apache 2
17724| [65212] SLES9: Security update for apache2-mod_python
17725| [65209] SLES9: Security update for apache2-worker
17726| [65207] SLES9: Security update for Apache 2
17727| [65168] SLES9: Security update for apache2-mod_python
17728| [65142] SLES9: Security update for Apache2
17729| [65136] SLES9: Security update for Apache 2
17730| [65132] SLES9: Security update for apache
17731| [65131] SLES9: Security update for Apache 2 oes/CORE
17732| [65113] SLES9: Security update for apache2
17733| [65072] SLES9: Security update for apache and mod_ssl
17734| [65017] SLES9: Security update for Apache 2
17735| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
17736| [64783] FreeBSD Ports: apache
17737| [64774] Ubuntu USN-802-2 (apache2)
17738| [64653] Ubuntu USN-813-2 (apache2)
17739| [64559] Debian Security Advisory DSA 1834-2 (apache2)
17740| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
17741| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
17742| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
17743| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
17744| [64443] Ubuntu USN-802-1 (apache2)
17745| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
17746| [64423] Debian Security Advisory DSA 1834-1 (apache2)
17747| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
17748| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
17749| [64251] Debian Security Advisory DSA 1816-1 (apache2)
17750| [64201] Ubuntu USN-787-1 (apache2)
17751| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
17752| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
17753| [63565] FreeBSD Ports: apache
17754| [63562] Ubuntu USN-731-1 (apache2)
17755| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
17756| [61185] FreeBSD Ports: apache
17757| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
17758| [60387] Slackware Advisory SSA:2008-045-02 apache
17759| [58826] FreeBSD Ports: apache-tomcat
17760| [58825] FreeBSD Ports: apache-tomcat
17761| [58804] FreeBSD Ports: apache
17762| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
17763| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
17764| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
17765| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
17766| [57335] Debian Security Advisory DSA 1167-1 (apache)
17767| [57201] Debian Security Advisory DSA 1131-1 (apache)
17768| [57200] Debian Security Advisory DSA 1132-1 (apache2)
17769| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
17770| [57145] FreeBSD Ports: apache
17771| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
17772| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
17773| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
17774| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
17775| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
17776| [56067] FreeBSD Ports: apache
17777| [55803] Slackware Advisory SSA:2005-310-04 apache
17778| [55519] Debian Security Advisory DSA 839-1 (apachetop)
17779| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
17780| [55355] FreeBSD Ports: apache
17781| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
17782| [55261] Debian Security Advisory DSA 805-1 (apache2)
17783| [55259] Debian Security Advisory DSA 803-1 (apache)
17784| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
17785| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
17786| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
17787| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
17788| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
17789| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
17790| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
17791| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
17792| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
17793| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
17794| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
17795| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
17796| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
17797| [54439] FreeBSD Ports: apache
17798| [53931] Slackware Advisory SSA:2004-133-01 apache
17799| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
17800| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
17801| [53878] Slackware Advisory SSA:2003-308-01 apache security update
17802| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
17803| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
17804| [53848] Debian Security Advisory DSA 131-1 (apache)
17805| [53784] Debian Security Advisory DSA 021-1 (apache)
17806| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
17807| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
17808| [53735] Debian Security Advisory DSA 187-1 (apache)
17809| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
17810| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
17811| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
17812| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
17813| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
17814| [53282] Debian Security Advisory DSA 594-1 (apache)
17815| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
17816| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
17817| [53215] Debian Security Advisory DSA 525-1 (apache)
17818| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
17819| [52529] FreeBSD Ports: apache+ssl
17820| [52501] FreeBSD Ports: apache
17821| [52461] FreeBSD Ports: apache
17822| [52390] FreeBSD Ports: apache
17823| [52389] FreeBSD Ports: apache
17824| [52388] FreeBSD Ports: apache
17825| [52383] FreeBSD Ports: apache
17826| [52339] FreeBSD Ports: apache+mod_ssl
17827| [52331] FreeBSD Ports: apache
17828| [52329] FreeBSD Ports: ru-apache+mod_ssl
17829| [52314] FreeBSD Ports: apache
17830| [52310] FreeBSD Ports: apache
17831| [15588] Detect Apache HTTPS
17832| [15555] Apache mod_proxy content-length buffer overflow
17833| [15554] Apache mod_include priviledge escalation
17834| [14771] Apache <= 1.3.33 htpasswd local overflow
17835| [14177] Apache mod_access rule bypass
17836| [13644] Apache mod_rootme Backdoor
17837| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
17838| [12280] Apache Connection Blocking Denial of Service
17839| [12239] Apache Error Log Escape Sequence Injection
17840| [12123] Apache Tomcat source.jsp malformed request information disclosure
17841| [12085] Apache Tomcat servlet/JSP container default files
17842| [11438] Apache Tomcat Directory Listing and File disclosure
17843| [11204] Apache Tomcat Default Accounts
17844| [11092] Apache 2.0.39 Win32 directory traversal
17845| [11046] Apache Tomcat TroubleShooter Servlet Installed
17846| [11042] Apache Tomcat DOS Device Name XSS
17847| [11041] Apache Tomcat /servlet Cross Site Scripting
17848| [10938] Apache Remote Command Execution via .bat files
17849| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
17850| [10773] MacOS X Finder reveals contents of Apache Web files
17851| [10766] Apache UserDir Sensitive Information Disclosure
17852| [10756] MacOS X Finder reveals contents of Apache Web directories
17853| [10752] Apache Auth Module SQL Insertion Attack
17854| [10704] Apache Directory Listing
17855| [10678] Apache /server-info accessible
17856| [10677] Apache /server-status accessible
17857| [10440] Check for Apache Multiple / vulnerability
17858|
17859| SecurityTracker - https://www.securitytracker.com:
17860| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
17861| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
17862| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
17863| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
17864| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
17865| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
17866| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
17867| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
17868| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
17869| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
17870| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
17871| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
17872| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
17873| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
17874| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
17875| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
17876| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
17877| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
17878| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
17879| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
17880| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
17881| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
17882| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
17883| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
17884| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
17885| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17886| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
17887| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
17888| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
17889| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
17890| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
17891| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
17892| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
17893| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
17894| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
17895| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
17896| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
17897| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
17898| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
17899| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
17900| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
17901| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
17902| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
17903| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
17904| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
17905| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
17906| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17907| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
17908| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
17909| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
17910| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
17911| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
17912| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
17913| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
17914| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
17915| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
17916| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
17917| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
17918| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
17919| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
17920| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
17921| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
17922| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
17923| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
17924| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
17925| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
17926| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
17927| [1024096] Apache mod_proxy_http May Return Results for a Different Request
17928| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
17929| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
17930| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
17931| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
17932| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
17933| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
17934| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
17935| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
17936| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
17937| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
17938| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
17939| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
17940| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
17941| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17942| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
17943| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
17944| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
17945| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
17946| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
17947| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17948| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
17949| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
17950| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
17951| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
17952| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
17953| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
17954| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
17955| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
17956| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
17957| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
17958| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
17959| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
17960| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
17961| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
17962| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
17963| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
17964| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
17965| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
17966| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
17967| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
17968| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
17969| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
17970| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
17971| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
17972| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
17973| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
17974| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
17975| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
17976| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
17977| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
17978| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
17979| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
17980| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
17981| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
17982| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
17983| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
17984| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
17985| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
17986| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
17987| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
17988| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
17989| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
17990| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
17991| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
17992| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
17993| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
17994| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
17995| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
17996| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
17997| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
17998| [1008920] Apache mod_digest May Validate Replayed Client Responses
17999| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
18000| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
18001| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
18002| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
18003| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
18004| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
18005| [1008030] Apache mod_rewrite Contains a Buffer Overflow
18006| [1008029] Apache mod_alias Contains a Buffer Overflow
18007| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
18008| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
18009| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
18010| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
18011| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
18012| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
18013| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
18014| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
18015| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
18016| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
18017| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
18018| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
18019| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
18020| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
18021| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
18022| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
18023| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
18024| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
18025| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
18026| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
18027| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
18028| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
18340| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
18341| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
18342| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
18343| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
18344| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
18345| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
18346| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
18347| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
18348| [74725] Apache Wicket Multi Window Support Unspecified XSS
18349| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
18350| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
18351| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
18352| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
18353| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
18354| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
18355| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
18356| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
18357| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
18358| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
18359| [73644] Apache XML Security Signature Key Parsing Overflow DoS
18360| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
18361| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
18362| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
18363| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
18364| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
18365| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
18366| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
18367| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
18368| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
18369| [73154] Apache Archiva Multiple Unspecified CSRF
18370| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
18371| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
18372| [72238] Apache Struts Action / Method Names <
18373| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
18374| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
18375| [71557] Apache Tomcat HTML Manager Multiple XSS
18376| [71075] Apache Archiva User Management Page XSS
18377| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
18378| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
18379| [70924] Apache Continuum Multiple Admin Function CSRF
18380| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
18381| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
18382| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
18383| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
18384| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk Function SVNParentPath Collection Remote DoS
18385| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
18386| [69520] Apache Archiva Administrator Credential Manipulation CSRF
18387| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
18388| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
18389| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
18390| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
18391| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
18392| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
18393| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
18394| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
18395| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
18396| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
18397| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
18398| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
18399| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
18400| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
18401| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
18402| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
18403| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
18404| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
18405| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
18406| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
18407| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
18408| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
18409| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
18410| [65054] Apache ActiveMQ Jetty Error Handler XSS
18411| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
18412| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
18413| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
18414| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
18415| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
18416| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
18417| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
18418| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
18419| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
18420| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
18421| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
18422| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
18423| [63895] Apache HTTP Server mod_headers Unspecified Issue
18424| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
18425| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
18426| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
18427| [63140] Apache Thrift Service Malformed Data Remote DoS
18428| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
18429| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
18430| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
18431| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
18432| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
18433| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
18434| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
18435| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
18436| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
18437| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
18438| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
18439| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
18440| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
18441| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
18442| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
18443| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
18444| [60678] Apache Roller Comment Email Notification Manipulation DoS
18445| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
18446| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
18447| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
18448| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
18449| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
18450| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
18451| [60232] PHP on Apache php.exe Direct Request Remote DoS
18452| [60176] Apache Tomcat Windows Installer Admin Default Password
18453| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
18454| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
18455| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
18456| [59944] Apache Hadoop jobhistory.jsp XSS
18457| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
18458| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
18459| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
18460| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
18461| [59019] Apache mod_python Cookie Salting Weakness
18462| [59018] Apache Harmony Error Message Handling Overflow
18463| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
18464| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
18465| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
18466| [59010] Apache Solr get-file.jsp XSS
18467| [59009] Apache Solr action.jsp XSS
18468| [59008] Apache Solr analysis.jsp XSS
18469| [59007] Apache Solr schema.jsp Multiple Parameter XSS
18470| [59006] Apache Beehive select / checkbox Tag XSS
18471| [59005] Apache Beehive jpfScopeID Global Parameter XSS
18472| [59004] Apache Beehive Error Message XSS
18473| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
18474| [59002] Apache Jetspeed default-page.psml URI XSS
18475| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
18476| [59000] Apache CXF Unsigned Message Policy Bypass
18477| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
18478| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
18479| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
18480| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
18481| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
18482| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
18483| [58993] Apache Hadoop browseBlock.jsp XSS
18484| [58991] Apache Hadoop browseDirectory.jsp XSS
18485| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
18486| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
18487| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
18488| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
18489| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
18490| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
18491| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
18492| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
18493| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
18494| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
18495| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
18496| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
18497| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
18498| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
18499| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
18500| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
18501| [58974] Apache Sling /apps Script User Session Management Access Weakness
18502| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
18503| [58931] Apache Geronimo Cookie Parameters Validation Weakness
18504| [58930] Apache Xalan-C++ XPath Handling Remote DoS
18505| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
18506| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
18507| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
18508| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
18509| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
18510| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
18511| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
18512| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
18513| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
18514| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
18515| [58805] Apache Derby Unauthenticated Database / Admin Access
18516| [58804] Apache Wicket Header Contribution Unspecified Issue
18517| [58803] Apache Wicket Session Fixation
18518| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
18519| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
18520| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
18521| [58799] Apache Tapestry Logging Cleartext Password Disclosure
18522| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
18523| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
18524| [58796] Apache Jetspeed Unsalted Password Storage Weakness
18525| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
18526| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
18527| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
18528| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
18529| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
18530| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
18531| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
18532| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
18533| [58775] Apache JSPWiki preview.jsp action Parameter XSS
18534| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18535| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
18536| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
18537| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
18538| [58770] Apache JSPWiki Group.jsp group Parameter XSS
18539| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
18540| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
18541| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
18542| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
18543| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18544| [58763] Apache JSPWiki Include Tag Multiple Script XSS
18545| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
18546| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
18547| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
18548| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
18549| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
18550| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
18551| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
18552| [58755] Apache Harmony DRLVM Non-public Class Member Access
18553| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
18554| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
18555| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
18556| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
18557| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
18558| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
18559| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
18560| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
18561| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
18562| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
18563| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
18564| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
18565| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
18566| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
18567| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
18568| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
18569| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
18570| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
18571| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
18572| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
18573| [58725] Apache Tapestry Basic String ACL Bypass Weakness
18574| [58724] Apache Roller Logout Functionality Failure Session Persistence
18575| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
18576| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
18577| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
18578| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
18579| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
18580| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
18581| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
18582| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
18583| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
18584| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
18585| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
18586| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
18587| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
18588| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
18589| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
18590| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
18591| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
18592| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
18593| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
18594| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
18595| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
18596| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
18597| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
18598| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
18599| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
18600| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
18601| [58687] Apache Axis Invalid wsdl Request XSS
18602| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
18603| [58685] Apache Velocity Template Designer Privileged Code Execution
18604| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
18605| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
18606| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
18607| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
18608| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
18609| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
18610| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
18611| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
18612| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
18613| [58667] Apache Roller Database Cleartext Passwords Disclosure
18614| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
18615| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
18616| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
18617| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
18618| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
18619| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
18620| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
18621| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
18622| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
18623| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
18624| [56984] Apache Xerces2 Java Malformed XML Input DoS
18625| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
18626| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
18627| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
18628| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
18629| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
18630| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
18631| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
18632| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
18633| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
18634| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
18635| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
18636| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
18637| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
18638| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
18639| [55056] Apache Tomcat Cross-application TLD File Manipulation
18640| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
18641| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
18642| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
18643| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
18644| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
18645| [54589] Apache Jserv Nonexistent JSP Request XSS
18646| [54122] Apache Struts s:a / s:url Tag href Element XSS
18647| [54093] Apache ActiveMQ Web Console JMS Message XSS
18648| [53932] Apache Geronimo Multiple Admin Function CSRF
18649| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
18650| [53930] Apache Geronimo /console/portal/ URI XSS
18651| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
18652| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
18653| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
18654| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
18655| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
18656| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
18657| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
18658| [53380] Apache Struts Unspecified XSS
18659| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
18660| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
18661| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
18662| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
18663| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
18664| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
18665| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
18666| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
18667| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
18668| [51151] Apache Roller Search Function q Parameter XSS
18669| [50482] PHP with Apache php_value Order Unspecified Issue
18670| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
18671| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
18672| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
18673| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
18674| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
18675| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
18676| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
18677| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
18678| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
18679| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
18680| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
18681| [47096] Oracle Weblogic Apache Connector POST Request Overflow
18682| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
18683| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
18684| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
18685| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
18686| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
18687| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
18688| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
18689| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
18690| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
18691| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
18692| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
18693| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
18694| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
18695| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
18696| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
18697| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
18698| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
18699| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
18700| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
18701| [43452] Apache Tomcat HTTP Request Smuggling
18702| [43309] Apache Geronimo LoginModule Login Method Bypass
18703| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
18704| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
18705| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
18706| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
18707| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
18708| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
18709| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
18710| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
18711| [42091] Apache Maven Site Plugin Installation Permission Weakness
18712| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
18713| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
18714| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
18715| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
18716| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
18717| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
18718| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
18719| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
18720| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
18721| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
18722| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
18723| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
18724| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
18725| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
18726| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
18727| [40262] Apache HTTP Server mod_status refresh XSS
18728| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
18729| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
18730| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
18731| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
18732| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
18733| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
18734| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
18735| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
18736| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
18737| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
18738| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
18739| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
18740| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
18741| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
18742| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
18743| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
18744| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
18745| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
18746| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
18747| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
18748| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
18749| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
18750| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
18751| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
18752| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
18753| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
18754| [36080] Apache Tomcat JSP Examples Crafted URI XSS
18755| [36079] Apache Tomcat Manager Uploaded Filename XSS
18756| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
18757| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
18758| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
18759| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
18760| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
18761| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
18762| [34881] Apache Tomcat Malformed Accept-Language Header XSS
18763| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
18764| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
18765| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
18766| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
18767| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
18768| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
18769| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
18770| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
18771| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
18772| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
18773| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
18774| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
18775| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
18776| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
18777| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
18778| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
18779| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
18780| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
18781| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
18782| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
18783| [32724] Apache mod_python _filter_read Freed Memory Disclosure
18784| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
18785| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
18786| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
18787| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
18788| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
18789| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
18790| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
18791| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
18792| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
18793| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
18794| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
18795| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
18796| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
18797| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
18798| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
18799| [24365] Apache Struts Multiple Function Error Message XSS
18800| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
18801| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
18802| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
18803| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
18804| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
18805| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
18806| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
18807| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
18808| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
18809| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
18810| [22459] Apache Geronimo Error Page XSS
18811| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
18812| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
18813| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
18814| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
18815| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
18816| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
18817| [21021] Apache Struts Error Message XSS
18818| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
18819| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
18820| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
18821| [20439] Apache Tomcat Directory Listing Saturation DoS
18822| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
18823| [20285] Apache HTTP Server Log File Control Character Injection
18824| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
18825| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
18826| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
18827| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
18828| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
18829| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
18830| [19821] Apache Tomcat Malformed Post Request Information Disclosure
18831| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
18832| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
18833| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
18834| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
18835| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
18836| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
18837| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
18838| [18233] Apache HTTP Server htdigest user Variable Overfow
18839| [17738] Apache HTTP Server HTTP Request Smuggling
18840| [16586] Apache HTTP Server Win32 GET Overflow DoS
18841| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
18842| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
18843| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
18844| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
18845| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
18846| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
18847| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
18848| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
18849| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
18850| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
18851| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
18852| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
18853| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
18854| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
18855| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
18856| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
18857| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
18858| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
18859| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
18860| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
18861| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
18862| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
18863| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
18864| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
18865| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
18866| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
18867| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
18868| [13304] Apache Tomcat realPath.jsp Path Disclosure
18869| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
18870| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
18871| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
18872| [12848] Apache HTTP Server htdigest realm Variable Overflow
18873| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
18874| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
18875| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
18876| [12557] Apache HTTP Server prefork MPM accept Error DoS
18877| [12233] Apache Tomcat MS-DOS Device Name Request DoS
18878| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
18879| [12231] Apache Tomcat web.xml Arbitrary File Access
18880| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
18881| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
18882| [12178] Apache Jakarta Lucene results.jsp XSS
18883| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
18884| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
18885| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
18886| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
18887| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
18888| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
18889| [10471] Apache Xerces-C++ XML Parser DoS
18890| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
18891| [10068] Apache HTTP Server htpasswd Local Overflow
18892| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
18893| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
18894| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
18895| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
18896| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
18897| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
18898| [9717] Apache HTTP Server mod_cookies Cookie Overflow
18899| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
18900| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
18901| [9714] Apache Authentication Module Threaded MPM DoS
18902| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
18903| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
18904| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
18905| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
18906| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
18907| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
18908| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
18909| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
18910| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
18911| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
18912| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
18913| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
18914| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
18915| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
18916| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
18917| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
18918| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
18919| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
18920| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
18921| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
18922| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
18923| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
18924| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
18925| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
18926| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
18927| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
18928| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
18929| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
18930| [9208] Apache Tomcat .jsp Encoded Newline XSS
18931| [9204] Apache Tomcat ROOT Application XSS
18932| [9203] Apache Tomcat examples Application XSS
18933| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
18934| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
18935| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
18936| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
18937| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
18938| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
18939| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
18940| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
18941| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
18942| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
18943| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
18944| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
18945| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
18946| [7611] Apache HTTP Server mod_alias Local Overflow
18947| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
18948| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
18949| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
18950| [6882] Apache mod_python Malformed Query String Variant DoS
18951| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
18952| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
18953| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
18954| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
18955| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
18956| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
18957| [5526] Apache Tomcat Long .JSP URI Path Disclosure
18958| [5278] Apache Tomcat web.xml Restriction Bypass
18959| [5051] Apache Tomcat Null Character DoS
18960| [4973] Apache Tomcat servlet Mapping XSS
18961| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
18962| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
18963| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
18964| [4568] mod_survey For Apache ENV Tags SQL Injection
18965| [4553] Apache HTTP Server ApacheBench Overflow DoS
18966| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
18967| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
18968| [4383] Apache HTTP Server Socket Race Condition DoS
18969| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
18970| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
18971| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
18972| [4231] Apache Cocoon Error Page Server Path Disclosure
18973| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
18974| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
18975| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
18976| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
18977| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
18978| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
18979| [3322] mod_php for Apache HTTP Server Process Hijack
18980| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
18981| [2885] Apache mod_python Malformed Query String DoS
18982| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
18983| [2733] Apache HTTP Server mod_rewrite Local Overflow
18984| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
18985| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
18986| [2149] Apache::Gallery Privilege Escalation
18987| [2107] Apache HTTP Server mod_ssl Host: Header XSS
18988| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
18989| [1833] Apache HTTP Server Multiple Slash GET Request DoS
18990| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
18991| [872] Apache Tomcat Multiple Default Accounts
18992| [862] Apache HTTP Server SSI Error Page XSS
18993| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
18994| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
18995| [845] Apache Tomcat MSDOS Device XSS
18996| [844] Apache Tomcat Java Servlet Error Page XSS
18997| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
18998| [838] Apache HTTP Server Chunked Encoding Remote Overflow
18999| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
19000| [775] Apache mod_python Module Importing Privilege Function Execution
19001| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
19002| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
19003| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
19004| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
19005| [637] Apache HTTP Server UserDir Directive Username Enumeration
19006| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
19007| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
19008| [562] Apache HTTP Server mod_info /server-info Information Disclosure
19009| [561] Apache Web Servers mod_status /server-status Information Disclosure
19010| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
19011| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
19012| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
19013| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
19014| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
19015| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
19016| [376] Apache Tomcat contextAdmin Arbitrary File Access
19017| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
19018| [222] Apache HTTP Server test-cgi Arbitrary File Access
19019| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
19020| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
19021|_
445/tcp closed microsoft-ds
587/tcp open smtp qmail smtpd
19024| vulscan: VulDB - https://vuldb.com:
19025| [56854] Frederik Vermeulen netqmail 1.06 qmail-smtpd.c Cleartext unknown vulnerability
19026| [45500] Gazatem Technologies QMail Mailing List Manager 1.2 information disclosure
19027|
19028| MITRE CVE - https://cve.mitre.org:
19029| [CVE-2012-2103] The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
19030| [CVE-2011-1431] The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
19031| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
19032| [CVE-2008-5606] Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
19033| [CVE-2006-1141] Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
19034| [CVE-2005-2663] masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
19035| [CVE-2005-2662] masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.
19036| [CVE-2005-1515] Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
19037| [CVE-2005-1514] commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.
19038| [CVE-2005-1513] Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
19039| [CVE-2004-2571] Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c
19040| [CVE-2004-2429] Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
19041| [CVE-2004-2088] Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
19042| [CVE-2003-0654] Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
19043| [CVE-2002-1414] Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
19044| [CVE-2002-1279] Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).
19045| [CVE-2001-1173] Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
19046| [CVE-1999-0250] Denial of service in Qmail through long SMTP commands.
19047| [CVE-1999-0144] Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
19048|
19049| SecurityFocus - https://www.securityfocus.com/bid/:
19050| [90000] Qmail CVE-2005-1515 Denial-Of-Service Vulnerability
19051| [89993] Qmail CVE-2005-1514 Denial-Of-Service Vulnerability
19052| [89980] Qmail CVE-2005-1513 Denial-Of-Service Vulnerability
19053| [87001] MasqMail CVE-2001-1173 Local Security Vulnerability
19054| [84651] Qmail Mailing List Manager CVE-2008-5606 Information Disclosure Vulnerability
19055| [82079] Qmail CVE-1999-0250 Denial-Of-Service Vulnerability
19056| [49181] MasqMail Multiple Local Privilege Escalation Vulnerabilities
19057| [16994] Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
19058| [14890] MasqMail Local Privilege Escalation Vulnerabilities
19059| [13536] QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
19060| [13535] QMail Commands() Function Remote Integer Overflow Vulnerability
19061| [13528] QMail Alloc() Remote Integer Overflow Vulnerability
19062| [9797] QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
19063| [9432] QMail-SMTPD Long SMTP Session Integer Overflow Denial of Service Vulnerability
19064| [8196] QMail-SMTPD-Auth True Program Remote E-Mail Vulnerability
19065| [6164] MasqMail Buffer Overflow Vulnerability
19066| [5404] qmailadmin Local Buffer Overflow Vulnerability
19067| [2237] QMail RCPT Denial of Service Vulnerability
19068| [1809] cmd5checkpw Qmail Remote Password Retrieval Vulnerability
19069|
19070| IBM X-Force - https://exchange.xforce.ibmcloud.com:
19071| [69253] Masqmail seteuid function privilege escalation
19072| [47152] QMail Mailing List Manager qmail.mdb information disclosure
19073| [25065] QmailAdmin qmailadmin.c PATH_INFO buffer overflow
19074| [22347] MasqMail log file symlink
19075| [22346] MasqMail email addresses allow elevated privileges
19076| [20497] qmail RCPT TO qmail_put/substdio_put denial of service
19077| [20492] qmail commands.c denial of service
19078| [20489] qmail stralloc_readyplus function denial of service
19079| [15385] qmail RELAYCLIENT buffer overflow
19080| [14870] qmail long SMTP buffer overflow
19081| [14866] qmail long SMTP denial of service
19082| [12737] QmailAdmin forward rule execute commands
19083| [12616] qmail qmail-smtpd-auth patch allows open relay
19084| [10605] MasqMail multiple buffer overflows
19085| [9786] QmailAdmin QMAILADMIN_TEMPLATEDIR buffer overflow
19086| [8717] MasqMail could allow an attacker to gain elevated privileges
19087| [5382] cmd5checkpw plug-in allows attacker to bypass Qmail authentication
19088| [208] Qmail email RCPT denial of service
19089| [207] Qmail long SMTP command denial of service
19090|
19091| Exploit-DB - https://www.exploit-db.com:
19092| [21683] qmailadmin 1.0.x Local Buffer Overflow Vulnerability
19093| [20562] Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (2)
19094| [20561] Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (1)
19095| [7376] QMail Mailing List Manager 1.2 Database Disclosure Vulnerability
19096|
19097| OpenVAS (Nessus) - http://www.openvas.org:
19098| [57928] Gentoo Security Advisory GLSA 200611-15 (qmailadmin)
19099| [55561] Debian Security Advisory DSA 848-1 (masqmail)
19100| [53440] Debian Security Advisory DSA 194-1 (masqmail)
19101|
19102| SecurityTracker - https://www.securitytracker.com:
19103| [1013911] qmail Integer Errors Let Remote Users Deny Service
19104| [1009306] Qmail-qmtpd Buffer Overflow in RELAYCLIENT May Let Local Users Gain Elevated Privileges
19105| [1008733] qmail Buffer Overflow Lets Remote Users Overwrite Memory
19106| [1007305] QmailAdmin Forwarding Rule Lets Remote Users Execute Arbitrary Commands on the System
19107| [1005616] MasqMail Server Buffer Overflows Let Local Users Grab Root Privileges
19108| [1004978] QmailAdmin Buffer Overflow Lets Local Users Obtain Elevated Privileges on the System
19109| [1002108] MasqMail Piped Alias Processing Allows Certain Local Users to Escalate Privileges to Root
19110|
19111| OSVDB - http://www.osvdb.org:
19112| [81354] Munin qmailscan Plugin Temporary File Symlink Arbitrary File Overwrite
19113| [75803] qmailadmin User Quota Multiple Function Overflow
19114| [75256] netqmail qmail-smtpd qmail-smtpd.c STARTTLS I/O Buffering MiTM Plaintext Command Injection
19115| [74626] MasqMail Return Value Verification Weakness Local Privilege Escalation
19116| [74625] MasqMail ID Change Logic Error Local Privilege Escalation
19117| [56527] qmail Long SMTP Command Saturation Remote DoS
19118| [50546] QMail Mailing List Manager database/qmail.mdb Direct Request Database Disclosure
19119| [45184] Sophos Anti-Virus qmail Generated Delivery Status Notification (DSN) Scanning Bypass
19120| [23948] qmailadmin Arbitrary Program Mail Forward Privilege Escalation
19121| [23705] qmailadmin qmailadmin.c PATH_INFO Environment Variable Local Overflow
19122| [19584] MasqMail Log File Symlink Arbitrary File Overwrite
19123| [19583] MasqMail Crafted E-mail Address Arbitrary Command Execution
19124| [16345] qmail substdio_put Function Signedness Issue
19125| [16344] qmail commands.c Signed Index Issue
19126| [16343] qmail stralloc_readyplus Function Remote Overflow
19127| [14562] MasqMail Local Address Resolve Failure DoS
19128| [14561] MasqMail -C Option Unspecified Privilege Escalation
19129| [14533] qmailadmin QMAILADMIN_TEMPLATEDIR Environment Variable Local Overflow
19130| [14519] MasqMail -C Parameter Multiple Local Overflows
19131| [14176] MasqMail Piped Aliases Privilege Escalation
19132| [5850] qmail RCPT TO Command Remote Overflow DoS
19133| [3538] qmail Long SMTP Session DoS
19134| [2440] qmailadmin autorespond Multiple Variable Remote Overflow
19135| [1615] cmd5checkpw Qmail Remote Password Disclosure
19136|_
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 3.10 - 3.12 (86%), Linux 4.4 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 4.0 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 37.175 days (since Tue Oct 29 19:32:49 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Hosts: 94.138.199.135, localhost.localdomain; OS: Unix

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 331.05 ms 10.249.204.1
2 331.03 ms ns1.ihsdnsx45.com (94.138.199.135)

NSE: Script Post-scanning.
Initiating NSE at 22:45
Completed NSE at 22:45, 0.00s elapsed
Initiating NSE at 22:45
Completed NSE at 22:45, 0.00s elapsed
#######################################################################################################################################
 Anonymous JTSEC #OpTurkey Full Recon #15