· 5 years ago · Mar 19, 2020, 04:26 PM
1##################################################################################################################################
2===================================================================================================================================
3Hostname www.fightwhitegenocide.com ISP GoDaddy.com, LLC
4Continent North America Flag
5US
6Country United States Country Code US
7Region Arizona Local time 19 Mar 2020 07:45 MST
8City Scottsdale Postal Code 85260
9IP Address 23.229.234.138 Latitude 33.601
10 Longitude -111.887
11==================================================================================================================================
12##################################################################################################################################
13> www.fightwhitegenocide.com
14Server: 10.101.0.243
15Address: 10.101.0.243#53
16
17Non-authoritative answer:
18www.fightwhitegenocide.com canonical name = fightwhitegenocide.com.
19Name: fightwhitegenocide.com
20Address: 23.229.234.138
21>
22##################################################################################################################################
23 Domain Name: FIGHTWHITEGENOCIDE.COM
24 Registry Domain ID: 1852534367_DOMAIN_COM-VRSN
25 Registrar WHOIS Server: whois.godaddy.com
26 Registrar URL: http://www.godaddy.com
27 Updated Date: 2019-04-03T14:59:22Z
28 Creation Date: 2014-03-29T18:37:39Z
29 Registry Expiry Date: 2021-03-29T18:37:39Z
30 Registrar: GoDaddy.com, LLC
31 Registrar IANA ID: 146
32 Registrar Abuse Contact Email: abuse@godaddy.com
33 Registrar Abuse Contact Phone: 480-624-2505
34 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
35 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
36 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
37 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
38 Name Server: NS65.DOMAINCONTROL.COM
39 Name Server: NS66.DOMAINCONTROL.COM
40 DNSSEC: unsigned
41##################################################################################################################################
42Domain Name: FIGHTWHITEGENOCIDE.COM
43Registry Domain ID: 1852534367_DOMAIN_COM-VRSN
44Registrar WHOIS Server: whois.godaddy.com
45Registrar URL: http://www.godaddy.com
46Updated Date: 2019-04-03T14:59:20Z
47Creation Date: 2014-03-29T18:37:39Z
48Registrar Registration Expiration Date: 2021-03-29T18:37:39Z
49Registrar: GoDaddy.com, LLC
50Registrar IANA ID: 146
51Registrar Abuse Contact Email: abuse@godaddy.com
52Registrar Abuse Contact Phone: +1.4806242505
53Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
54Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
55Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
56Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
57Registry Registrant ID: Not Available From Registry
58Registrant Name: Registration Private
59Registrant Organization: Domains By Proxy, LLC
60Registrant Street: DomainsByProxy.com
61Registrant Street: 14455 N. Hayden Road
62Registrant City: Scottsdale
63Registrant State/Province: Arizona
64Registrant Postal Code: 85260
65Registrant Country: US
66Registrant Phone: +1.4806242599
67Registrant Phone Ext:
68Registrant Fax: +1.4806242598
69Registrant Fax Ext:
70Registrant Email: FIGHTWHITEGENOCIDE.COM@domainsbyproxy.com
71Registry Admin ID: Not Available From Registry
72Admin Name: Registration Private
73Admin Organization: Domains By Proxy, LLC
74Admin Street: DomainsByProxy.com
75Admin Street: 14455 N. Hayden Road
76Admin City: Scottsdale
77Admin State/Province: Arizona
78Admin Postal Code: 85260
79Admin Country: US
80Admin Phone: +1.4806242599
81Admin Phone Ext:
82Admin Fax: +1.4806242598
83Admin Fax Ext:
84Admin Email: FIGHTWHITEGENOCIDE.COM@domainsbyproxy.com
85Registry Tech ID: Not Available From Registry
86Tech Name: Registration Private
87Tech Organization: Domains By Proxy, LLC
88Tech Street: DomainsByProxy.com
89Tech Street: 14455 N. Hayden Road
90Tech City: Scottsdale
91Tech State/Province: Arizona
92Tech Postal Code: 85260
93Tech Country: US
94Tech Phone: +1.4806242599
95Tech Phone Ext:
96Tech Fax: +1.4806242598
97Tech Fax Ext:
98Tech Email: FIGHTWHITEGENOCIDE.COM@domainsbyproxy.com
99Name Server: NS65.DOMAINCONTROL.COM
100Name Server: NS66.DOMAINCONTROL.COM
101DNSSEC: unsigned
102#################################################################################################################################
103[+] Target : www.fightwhitegenocide.com
104
105[+] IP Address : 23.229.234.138
106
107[+] Headers :
108
109[+] Date : Thu, 19 Mar 2020 15:00:24 GMT
110[+] Server : Apache
111[+] X-Powered-By : PHP/5.6.40
112[+] Link : <https://www.fightwhitegenocide.com/wp-json/>; rel="https://api.w.org/", <https://www.fightwhitegenocide.com/>; rel=shortlink
113[+] Upgrade : h2,h2c
114[+] Connection : Upgrade, Keep-Alive
115[+] Vary : Accept-Encoding,User-Agent
116[+] Content-Encoding : gzip
117[+] Content-Length : 25068
118[+] Keep-Alive : timeout=5
119[+] Content-Type : text/html; charset=UTF-8
120
121[+] SSL Certificate Information :
122
123[+] organizationalUnitName : Domain Control Validated
124[+] commonName : fightwhitegenocide.com
125[+] countryName : US
126[+] stateOrProvinceName : Arizona
127[+] localityName : Scottsdale
128[+] organizationName : GoDaddy.com, Inc.
129[+] organizationalUnitName : http://certs.godaddy.com/repository/
130[+] commonName : Go Daddy Secure Certificate Authority - G2
131[+] Version : 3
132[+] Serial Number : 838DF8A9A588AFD4
133[+] Not Before : Apr 3 16:04:24 2019 GMT
134[+] Not After : Apr 3 16:04:24 2021 GMT
135[+] OCSP : ('http://ocsp.godaddy.com/',)
136[+] subject Alt Name : (('DNS', 'fightwhitegenocide.com'), ('DNS', 'www.fightwhitegenocide.com'))
137[+] CA Issuers : ('http://certificates.godaddy.com/repository/gdig2.crt',)
138[+] CRL Distribution Points : ('http://crl.godaddy.com/gdig2s1-1030.crl',)
139
140[+] Whois Lookup :
141
142[+] NIR : None
143[+] ASN Registry : arin
144[+] ASN : 26496
145[+] ASN CIDR : 23.229.224.0/19
146[+] ASN Country Code : US
147[+] ASN Date : 2013-09-17
148[+] ASN Description : AS-26496-GO-DADDY-COM-LLC, US
149[+] cidr : 23.229.128.0/17
150[+] name : GO-DADDY-COM-LLC
151[+] handle : NET-23-229-128-0-1
152[+] range : 23.229.128.0 - 23.229.255.255
153[+] description : GoDaddy.com, LLC
154[+] country : US
155[+] state : AZ
156[+] city : Scottsdale
157[+] address : 14455 N Hayden Road
158Suite 226
159[+] postal_code : 85260
160[+] emails : ['abuse@godaddy.com', 'noc@godaddy.com']
161[+] created : 2013-09-17
162[+] updated : 2014-02-25
163
164[+] Crawling Target...
165
166[+] Looking for robots.txt........[ Found ]
167[+] Extracting robots Links.......[ 2 ]
168[+] Looking for sitemap.xml.......[ Not Found ]
169[+] Extracting CSS Links..........[ 24 ]
170[+] Extracting Javascript Links...[ 33 ]
171[+] Extracting Internal Links.....[ 47 ]
172[+] Extracting External Links.....[ 3 ]
173[+] Extracting Images.............[ 49 ]
174
175[+] Total Links Extracted : 158
176
177[+] Dumping Links in /opt/FinalRecon/dumps/www.fightwhitegenocide.com.dump
178[+] Completed!
179################################################################################################################################
180[i] Scanning Site: https://www.fightwhitegenocide.com
181
182
183
184B A S I C I N F O
185====================
186
187
188[+] Site Title: Fight White Genocide
189[+] IP address: 23.229.234.138
190[+] Web Server: Apache
191[+] CMS: WordPress
192[+] Cloudflare: Not Detected
193[+] Robots File: Found
194
195-------------[ contents ]----------------
196User-agent: *
197Disallow: /wp-admin/
198Allow: /wp-admin/admin-ajax.php
199
200-----------[end of contents]-------------
201
202
203
204W H O I S L O O K U P
205========================
206
207 Domain Name: FIGHTWHITEGENOCIDE.COM
208 Registry Domain ID: 1852534367_DOMAIN_COM-VRSN
209 Registrar WHOIS Server: whois.godaddy.com
210 Registrar URL: http://www.godaddy.com
211 Updated Date: 2019-04-03T14:59:22Z
212 Creation Date: 2014-03-29T18:37:39Z
213 Registry Expiry Date: 2021-03-29T18:37:39Z
214 Registrar: GoDaddy.com, LLC
215 Registrar IANA ID: 146
216 Registrar Abuse Contact Email: abuse@godaddy.com
217 Registrar Abuse Contact Phone: 480-624-2505
218 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
219 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
220 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
221 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
222 Name Server: NS65.DOMAINCONTROL.COM
223 Name Server: NS66.DOMAINCONTROL.COM
224 DNSSEC: unsigned
225 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
226>>> Last update of whois database: 2020-03-19T15:00:47Z <<<
227
228For more information on Whois status codes, please visit https://icann.org/epp
229
230
231
232The Registry database contains ONLY .COM, .NET, .EDU domains and
233Registrars.
234
235
236
237
238G E O I P L O O K U P
239=========================
240
241[i] IP Address: 23.229.234.138
242[i] Country: United States
243[i] State: Arizona
244[i] City: Scottsdale
245[i] Latitude: 33.6013
246[i] Longitude: -111.8867
247
248
249
250
251H T T P H E A D E R S
252=======================
253
254
255[i] HTTP/1.1 200 OK
256[i] Date: Thu, 19 Mar 2020 15:01:00 GMT
257[i] Server: Apache
258[i] X-Powered-By: PHP/5.6.40
259[i] Link: <https://www.fightwhitegenocide.com/wp-json/>; rel="https://api.w.org/", <https://www.fightwhitegenocide.com/>; rel=shortlink
260[i] Upgrade: h2,h2c
261[i] Connection: Upgrade, close
262[i] Vary: Accept-Encoding,User-Agent
263[i] Content-Type: text/html; charset=UTF-8
264
265
266
267
268D N S L O O K U P
269===================
270
271fightwhitegenocide.com. 10799 IN A 23.229.234.138
272fightwhitegenocide.com. 3599 IN NS ns65.domaincontrol.com.
273fightwhitegenocide.com. 3599 IN NS ns66.domaincontrol.com.
274fightwhitegenocide.com. 3599 IN SOA ns65.domaincontrol.com. dns.jomax.net. 2019040302 28800 7200 604800 600
275fightwhitegenocide.com. 3599 IN MX 0 mail.fightwhitegenocide.com.
276fightwhitegenocide.com. 3599 IN TXT "google-site-verification=K4bXz6_akRl-syxq-Xa0kgcDmw62uMbueQ5B1hmjJfA"
277fightwhitegenocide.com. 3599 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"
278
279
280
281
282S U B N E T C A L C U L A T I O N
283====================================
284
285Address = 23.229.234.138
286Network = 23.229.234.138 / 32
287Netmask = 255.255.255.255
288Broadcast = not needed on Point-to-Point links
289Wildcard Mask = 0.0.0.0
290Hosts Bits = 0
291Max. Hosts = 1 (2^0 - 0)
292Host Range = { 23.229.234.138 - 23.229.234.138 }
293
294
295
296N M A P P O R T S C A N
297============================
298
299Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-19 15:01 UTC
300Nmap scan report for fightwhitegenocide.com (23.229.234.138)
301Host is up (0.070s latency).
302rDNS record for 23.229.234.138: ip-23-229-234-138.ip.secureserver.net
303
304PORT STATE SERVICE
30521/tcp open ftp
30622/tcp open ssh
30780/tcp open http
308443/tcp open https
309
310Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
311#################################################################################################################################
312[+] Starting At 2020-03-19 11:02:01.094762
313[+] Collecting Information On: https://www.fightwhitegenocide.com/
314[#] Status: 200
315--------------------------------------------------
316[#] Web Server Detected: Apache
317[#] X-Powered-By: PHP/5.6.40
318[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
319- Date: Thu, 19 Mar 2020 15:01:56 GMT
320- Server: Apache
321- X-Powered-By: PHP/5.6.40
322- Link: <https://www.fightwhitegenocide.com/wp-json/>; rel="https://api.w.org/", <https://www.fightwhitegenocide.com/>; rel=shortlink
323- Upgrade: h2,h2c
324- Connection: Upgrade, Keep-Alive
325- Vary: Accept-Encoding,User-Agent
326- Content-Encoding: gzip
327- Content-Length: 25069
328- Keep-Alive: timeout=5
329- Content-Type: text/html; charset=UTF-8
330--------------------------------------------------
331[#] Finding Location..!
332[#] status: success
333[#] country: United States
334[#] countryCode: US
335[#] region: AZ
336[#] regionName: Arizona
337[#] city: Scottsdale
338[#] zip: 85260
339[#] lat: 33.6173
340[#] lon: -111.905
341[#] timezone: America/Phoenix
342[#] isp: GoDaddy.com, LLC
343[#] org: GoDaddy.com, LLC
344[#] as: AS26496 GoDaddy.com, LLC
345[#] query: 23.229.234.138
346--------------------------------------------------
347[x] Didn't Detect WAF Presence on: https://www.fightwhitegenocide.com/
348--------------------------------------------------
349[#] Starting Reverse DNS
350[-] Failed ! Fail
351--------------------------------------------------
352[!] Scanning Open Port
353[#] 21/tcp open ftp
354[#] 22/tcp open ssh
355[#] 25/tcp open smtp
356[#] 80/tcp open http
357[#] 110/tcp open pop3
358[#] 143/tcp open imap
359[#] 443/tcp open https
360[#] 465/tcp open smtps
361[#] 587/tcp open submission
362[#] 993/tcp open imaps
363[#] 995/tcp open pop3s
364[#] 1248/tcp open hermes
365[#] 3306/tcp open mysql
366--------------------------------------------------
367[+] Getting SSL Info
368{'OCSP': ('http://ocsp.godaddy.com/',),
369 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',),
370 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1030.crl',),
371 'issuer': ((('countryName', 'US'),),
372 (('stateOrProvinceName', 'Arizona'),),
373 (('localityName', 'Scottsdale'),),
374 (('organizationName', 'GoDaddy.com, Inc.'),),
375 (('organizationalUnitName',
376 'http://certs.godaddy.com/repository/'),),
377 (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)),
378 'notAfter': 'Apr 3 16:04:24 2021 GMT',
379 'notBefore': 'Apr 3 16:04:24 2019 GMT',
380 'serialNumber': '838DF8A9A588AFD4',
381 'subject': ((('organizationalUnitName', 'Domain Control Validated'),),
382 (('commonName', 'fightwhitegenocide.com'),)),
383 'subjectAltName': (('DNS', 'fightwhitegenocide.com'),
384 ('DNS', 'www.fightwhitegenocide.com')),
385 'version': 3}
426--------------------------------------------------
427[+] Collecting Information Disclosure!
428[#] Detecting sitemap.xml file
429[!] sitemap.xml File Found: https://www.fightwhitegenocide.com/sitemap_index.xml
430[#] Detecting robots.txt file
431[!] robots.txt File Found: https://www.fightwhitegenocide.com//robots.txt
432[#] Detecting GNU Mailman
433[!] GNU Mailman App Detected: https://www.fightwhitegenocide.com//mailman/admin
434[!] version: 2.1.27
435--------------------------------------------------
436[+] Crawling Url Parameter On: https://www.fightwhitegenocide.com/
437--------------------------------------------------
438[#] Searching Html Form !
439[+] Html Form Discovered
440[#] action: https://www.fightwhitegenocide.com//
441[#] class: ['theactivism_search_form']
442[#] id: theactivism_search_form
443[#] method: get
444--------------------------------------------------
445[!] Found 7 dom parameter
446[#] https://www.fightwhitegenocide.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.fightwhitegenocide.com%2F&format=xml
447[#] https://www.fightwhitegenocide.com//#
448[#] https://www.fightwhitegenocide.com/2020/02/04/anti-whites-attack-us-for-merely-objecting-to-genocide/#respond
449[#] https://www.fightwhitegenocide.com/2020/02/04/anti-whites-attack-us-for-merely-objecting-to-genocide/#respond
450[#] https://www.fightwhitegenocide.com/2019/07/27/fight-white-genocide-podcast-16-the-religion-of-political-correctness/#comments
451[#] https://www.fightwhitegenocide.com/2019/07/05/fight-white-genocide-podcast-15-an-interview-with-georgia-peach/#respond
452[#] https://www.fightwhitegenocide.com/2019/07/05/fight-white-genocide-podcast-14-fighting-the-word-war/#comments
453--------------------------------------------------
454[!] 3 Internal Dynamic Parameter Discovered
455[+] https://www.fightwhitegenocide.com/xmlrpc.php?rsd
456[+] https://www.fightwhitegenocide.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.fightwhitegenocide.com%2F
457[+] https://www.fightwhitegenocide.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.fightwhitegenocide.com%2F&format=xml
458--------------------------------------------------
459[!] 1 External Dynamic Parameter Discovered
460[#] https://fonts.googleapis.com/css?family=Noto+Sans:700%2C400%7COpen+Sans:300%2C400%2C700%7CSource+Sans+Pro:900%2C700%2C400%7CRoboto:900%7CAnton:400
461--------------------------------------------------
462[!] 91 Internal links Discovered
554--------------------------------------------------
555[!] 6 External links Discovered
556[#] https://twitter.com/fwhitegenocide
557[#] https://www.facebook.com/fightwhitegenocide
558[#] https://www.youtube.com/channel/UCQrMfqq8KrkqrNXmvBBvKRg
559[#] https://twitter.com/fwhitegenocide
560[#] https://www.facebook.com/fightwhitegenocide
561[#] https://www.youtube.com/channel/UCQrMfqq8KrkqrNXmvBBvKRg
562--------------------------------------------------
563[#] Mapping Subdomain..
564[-] No Any Subdomain Found
565[!] Found 0 Subdomain
566--------------------------------------------------
567[!] Done At 2020-03-19 11:02:48.812140
568#################################################################################################################################
569Trying "fightwhitegenocide.com"
570;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27277
571;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 4
572
573;; QUESTION SECTION:
574;fightwhitegenocide.com. IN ANY
575
576;; ANSWER SECTION:
577fightwhitegenocide.com. 3600 IN TXT "google-site-verification=K4bXz6_akRl-syxq-Xa0kgcDmw62uMbueQ5B1hmjJfA"
578fightwhitegenocide.com. 3600 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"
579fightwhitegenocide.com. 3600 IN MX 0 mail.fightwhitegenocide.com.
580fightwhitegenocide.com. 3600 IN SOA ns65.domaincontrol.com. dns.jomax.net. 2019040302 28800 7200 604800 600
581fightwhitegenocide.com. 10800 IN A 23.229.234.138
582fightwhitegenocide.com. 3600 IN NS ns65.domaincontrol.com.
583fightwhitegenocide.com. 3600 IN NS ns66.domaincontrol.com.
584
585;; ADDITIONAL SECTION:
586ns65.domaincontrol.com. 3920 IN A 97.74.102.43
587ns66.domaincontrol.com. 34227 IN A 173.201.70.43
588ns65.domaincontrol.com. 3920 IN AAAA 2603:5:2164::2b
589ns66.domaincontrol.com. 34227 IN AAAA 2603:5:2264::2b
590
591Received 405 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 100 ms
592#################################################################################################################################
593
594; <<>> DiG 9.11.16-2-Debian <<>> +trace fightwhitegenocide.com any
595;; global options: +cmd
596. 23251 IN NS a.root-servers.net.
597. 23251 IN NS b.root-servers.net.
598. 23251 IN NS c.root-servers.net.
599. 23251 IN NS d.root-servers.net.
600. 23251 IN NS e.root-servers.net.
601. 23251 IN NS f.root-servers.net.
602. 23251 IN NS g.root-servers.net.
603. 23251 IN NS h.root-servers.net.
604. 23251 IN NS i.root-servers.net.
605. 23251 IN NS j.root-servers.net.
606. 23251 IN NS k.root-servers.net.
607. 23251 IN NS l.root-servers.net.
608. 23251 IN NS m.root-servers.net.
609. 23251 IN RRSIG NS 8 0 518400 20200401050000 20200319040000 33853 . B3YXtn4NP7F4Mmz433w+D9K44DZZBZGg42mA3MiPA2BmABNBMMifiBIf 2HFQMlZgheM0MmYGP8ttqX4hrRVNBbEi8cJrKQCGKei3yNyDN97Hyb7v jaZHU1/JMo/tqohMHmneUjKSSotkyix9lmOC7r8CxdG10k3X0QY9/Z5J l38szvHxmroMv2i09ouE9ATWx7+heQtUObBpmlmTMbCb8dNERp+I4kVC NbyvXqiu/8JMuhtDHGWNw/yd97lyh2wCgJooDP2uLyPKBbBC3fLEzYet C/agaiSZYjVM+YJXH7FZVYjh3098wqJ3VHBgQ8Gz5/Dk/Gi13/lA3qxh ylhQ+w==
610;; Received 525 bytes from 10.101.0.243#53(10.101.0.243) in 279 ms
611
612com. 172800 IN NS a.gtld-servers.net.
613com. 172800 IN NS b.gtld-servers.net.
614com. 172800 IN NS c.gtld-servers.net.
615com. 172800 IN NS d.gtld-servers.net.
616com. 172800 IN NS e.gtld-servers.net.
617com. 172800 IN NS f.gtld-servers.net.
618com. 172800 IN NS g.gtld-servers.net.
619com. 172800 IN NS h.gtld-servers.net.
620com. 172800 IN NS i.gtld-servers.net.
621com. 172800 IN NS j.gtld-servers.net.
622com. 172800 IN NS k.gtld-servers.net.
623com. 172800 IN NS l.gtld-servers.net.
624com. 172800 IN NS m.gtld-servers.net.
625com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
626com. 86400 IN RRSIG DS 8 1 86400 20200401050000 20200319040000 33853 . KbpOwQfic6davPdARGLxLq75ug6QdxXXnMgjizE+kHLd/10oC3lKRsut gB1uhRHSuZsjzBq/qUJiDxDEiTrqjfMlqTG17GU58svxdw8R88rQPWyg K2zUxD6W72XS8Wc7a6m8BIktluHSRnBsM8xz6VM5du6ZNHSRXYRXdrj5 zEXVPDyEHlav3YL0fRK9xLwfIhLL003FNs1zT/WymwR6XgbwoLu+5tzt TzmcDVtT0G6F9BR9NtGLjugEkaQxM80RpdHGahxcbZLoDLsj+VuTeZj9 OmW81Ln6gl09WAhJVjW0TWNlJrbO1Yk1cm8HQRc5bSVf01OxkzMcM1Lp LpvstA==
627;; Received 1182 bytes from 2001:500:2d::d#53(d.root-servers.net) in 27 ms
628
629fightwhitegenocide.com. 172800 IN NS ns66.domaincontrol.com.
630fightwhitegenocide.com. 172800 IN NS ns65.domaincontrol.com.
631CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
632CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200326044915 20200319033915 56311 com. uZZHzB2EvBDgdpDnljWv+OCLIsJ2kQ/LqRjkoP7AouEaK5FdUZU04nML ElDLLmkAuOCbswdKtxbKL52iD7peTIycIjy5Rume4UNj5LWaeMq166gy 2llpNr4XsYOweAhFS78q0KP/STs2meI/ERPCDJmnlp+RGAGwR+csMEOb YHpp/1pG4s641I7YVBNnH5z6h0HoSMTglOQCYzo7Vp7mAQ==
6334D6SRCALRLFSDDAFU70K6JCF0T6RUR15.com. 86400 IN NSEC3 1 1 0 - 4D6UUV1246VR78EANCFQKK35GGABGEPJ NS DS RRSIG
6344D6SRCALRLFSDDAFU70K6JCF0T6RUR15.com. 86400 IN RRSIG NSEC3 8 2 86400 20200324042755 20200317031755 56311 com. XjUI3mjGzZoAVfoEFUFK7UTmyCJ/RRrGXfrm+5Kl/akltr/3Iv56yKnW H8z9FBPrdBtx2m9oPVTPIYV0R1lTus/hGWBnHpfQZ2qKie37PwaUrqq0 xABqbYowpez3RMHuNU4PojdtUU7aE3BecrfmAHdfyjEtcXsFOXupLRJP avchzE6D0lj3u0L+vKsXxjImHfSORmDLzIFbg1aeZTWLcA==
635;; Received 740 bytes from 192.54.112.30#53(h.gtld-servers.net) in 164 ms
636
637fightwhitegenocide.com. 10800 IN A 23.229.234.138
638fightwhitegenocide.com. 3600 IN NS ns65.domaincontrol.com.
639fightwhitegenocide.com. 3600 IN NS ns66.domaincontrol.com.
640fightwhitegenocide.com. 3600 IN SOA ns65.domaincontrol.com. dns.jomax.net. 2019040302 28800 7200 604800 600
641fightwhitegenocide.com. 3600 IN MX 0 mail.fightwhitegenocide.com.
642fightwhitegenocide.com. 3600 IN TXT "google-site-verification=K4bXz6_akRl-syxq-Xa0kgcDmw62uMbueQ5B1hmjJfA"
643fightwhitegenocide.com. 3600 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"
644;; Received 328 bytes from 2603:5:2264::2b#53(ns66.domaincontrol.com) in 33 ms
645
646#################################################################################################################################
647[*] Performing General Enumeration of Domain: fightwhitegenocide.com
648[-] DNSSEC is not configured for fightwhitegenocide.com
649[*] SOA ns65.domaincontrol.com 97.74.102.43
650[*] NS ns66.domaincontrol.com 173.201.70.43
651[*] NS ns66.domaincontrol.com 2603:5:2264::2b
652[*] NS ns65.domaincontrol.com 97.74.102.43
653[*] NS ns65.domaincontrol.com 2603:5:2164::2b
654[*] MX mail.fightwhitegenocide.com 23.229.234.138
655[*] A fightwhitegenocide.com 23.229.234.138
656[*] Enumerating SRV Records
657[*] SRV _autodiscover._tcp.fightwhitegenocide.com cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
658[*] SRV _autodiscover._tcp.fightwhitegenocide.com cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
659[+] 2 Records Found
660#################################################################################################################################
661
662 AVAILABLE PLUGINS
663 -----------------
664
665 SessionRenegotiationPlugin
666 SessionResumptionPlugin
667 CompressionPlugin
668 OpenSslCipherSuitesPlugin
669 CertificateInfoPlugin
670 FallbackScsvPlugin
671 HttpHeadersPlugin
672 EarlyDataPlugin
673 OpenSslCcsInjectionPlugin
674 RobotPlugin
675 HeartbleedPlugin
676
677
678
679 CHECKING HOST(S) AVAILABILITY
680 -----------------------------
681
682 23.229.234.138:443 => 23.229.234.138
683
684
685
686
687 SCAN RESULTS FOR 23.229.234.138:443 - 23.229.234.138
688 ----------------------------------------------------
689
690 * TLSV1_3 Cipher Suites:
691 Server rejected all cipher suites.
692
693 * TLS 1.2 Session Resumption Support:
694 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
695 With TLS Tickets: OK - Supported
696
697 * Session Renegotiation:
698 Client-initiated Renegotiation: OK - Rejected
699 Secure Renegotiation: OK - Supported
700
701 * Deflate Compression:
702 OK - Compression disabled
703
704 * ROBOT Attack:
705 UNKNOWN - Received inconsistent results
706
707 * Certificate Information:
708Unhandled exception while running --certinfo:
709timeout - timed out
710
711 * Downgrade Attacks:
712Unhandled exception while running --fallback:
713timeout - timed out
714
715 * OpenSSL Heartbleed:
716Unhandled exception while running --heartbleed:
717timeout - timed out
718
719 * TLSV1_1 Cipher Suites:
720Unhandled exception while running --tlsv1_1:
721timeout - timed out
722
723 * TLSV1_2 Cipher Suites:
724Unhandled exception while running --tlsv1_2:
725timeout - timed out
726
727 * OpenSSL CCS Injection:
728 OK - Not vulnerable to OpenSSL CCS injection
729
730 * SSLV2 Cipher Suites:
731 Server rejected all cipher suites.
732
733 * TLSV1 Cipher Suites:
734 Server rejected all cipher suites.
735 Undefined - An unexpected error happened:
768
769 * SSLV3 Cipher Suites:
770 Server rejected all cipher suites.
771 Undefined - An unexpected error happened:
804
805
806 SCAN COMPLETED IN 178.98 S
807 --------------------------
808#################################################################################################################################
809traceroute to www.fightwhitegenocide.com (23.229.234.138), 30 hops max, 60 byte packets
810 1 _gateway (10.203.37.1) 126.528 ms 126.522 ms 126.505 ms
811 2 * * *
812 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 131.226 ms 131.438 ms 131.415 ms
813 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 131.150 ms 131.132 ms 131.240 ms
814 5 be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 136.524 ms 136.491 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 137.059 ms
815 6 be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226) 136.961 ms be3377.ccr21.sto01.atlas.cogentco.com (154.54.36.90) 132.650 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226) 132.580 ms
816 7 ae-11.edge4.Stockholm2.Level3.net (4.68.106.129) 137.515 ms ae-10.edge4.Stockholm2.Level3.net (4.68.106.125) 137.392 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129) 137.405 ms
817 8 * * *
818 9 4.28.83.74 (4.28.83.74) 300.459 ms 301.038 ms 300.470 ms
81910 148.72.32.7 (148.72.32.7) 301.565 ms 148.72.32.11 (148.72.32.11) 305.922 ms 148.72.32.7 (148.72.32.7) 298.776 ms
82011 be39.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.73) 297.775 ms 297.483 ms 297.410 ms
821#################################################################################################################################
822Domains still to check: 1
823 Checking if the hostname fightwhitegenocide.com. given is in fact a domain...
824
825Analyzing domain: fightwhitegenocide.com.
826 Checking NameServers using system default resolver...
827 IP: 173.201.70.43 (United States)
828 HostName: ns66.domaincontrol.com Type: NS
829 HostName: ns66.domaincontrol.com Type: PTR
830 IP: 97.74.102.43 (United States)
831 HostName: ns65.domaincontrol.com Type: NS
832 HostName: ns65.domaincontrol.com Type: PTR
833
834 Checking MailServers using system default resolver...
835 IP: 23.229.234.138 (United States)
836 HostName: mail.fightwhitegenocide.com Type: MX
837 HostName: ip-23-229-234-138.ip.secureserver.net Type: PTR
838
839 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
840 No zone transfer found on nameserver 97.74.102.43
841 No zone transfer found on nameserver 173.201.70.43
842
843 Checking SPF record...
844
845 Checking SPF record...
846 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 97.74.135.0/24, but only the network IP
847 New IP found: 97.74.135.0
848 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 72.167.238.0/24, but only the network IP
849 New IP found: 72.167.238.0
850 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 72.167.234.0/24, but only the network IP
851 New IP found: 72.167.234.0
852 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 72.167.218.0/24, but only the network IP
853 New IP found: 72.167.218.0
854 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 68.178.252.0/24, but only the network IP
855 New IP found: 68.178.252.0
856 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 68.178.213.0/24, but only the network IP
857 New IP found: 68.178.213.0
858 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.69.139.0/24, but only the network IP
859 New IP found: 216.69.139.0
860 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 208.109.80.0/24, but only the network IP
861 New IP found: 208.109.80.0
862 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.121.52.0/23, but only the network IP
863 New IP found: 188.121.52.0
864 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 188.121.43.0/24, but only the network IP
865 New IP found: 188.121.43.0
866
867 Checking SPF record...
868 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 198.71.224.0/19, but only the network IP
869 New IP found: 198.71.224.0
870 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 184.168.224.0/24, but only the network IP
871 New IP found: 184.168.224.0
872 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 184.168.200.0/24, but only the network IP
873 New IP found: 184.168.200.0
874 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 184.168.131.0/24, but only the network IP
875 New IP found: 184.168.131.0
876 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 184.168.128.0/24, but only the network IP
877 New IP found: 184.168.128.0
878 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 182.50.144.0/23, but only the network IP
879 New IP found: 182.50.144.0
880 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 182.50.132.0/24, but only the network IP
881 New IP found: 182.50.132.0
882 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 173.201.192.0/23, but only the network IP
883 New IP found: 173.201.192.0
884
885 Checking SPF record...
886 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
887 New IP found: 40.92.0.0
888 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
889 New IP found: 40.107.0.0
890 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
891 New IP found: 52.100.0.0
892 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
893 New IP found: 104.47.0.0
894 There are no IPv4 addresses in the SPF. Maybe IPv6.
895 There are no IPv4 addresses in the SPF. Maybe IPv6.
896
897 Checking 192 most common hostnames using system default resolver...
898 IP: 23.229.234.138 (United States)
899 HostName: mail.fightwhitegenocide.com Type: MX
900 HostName: ip-23-229-234-138.ip.secureserver.net Type: PTR
901 HostName: www.fightwhitegenocide.com. Type: A
902 IP: 23.229.234.138 (United States)
903 HostName: mail.fightwhitegenocide.com Type: MX
904 HostName: ip-23-229-234-138.ip.secureserver.net Type: PTR
905 HostName: www.fightwhitegenocide.com. Type: A
906 HostName: mail.fightwhitegenocide.com. Type: A
907 IP: 23.229.234.138 (United States)
908 HostName: mail.fightwhitegenocide.com Type: MX
909 HostName: ip-23-229-234-138.ip.secureserver.net Type: PTR
910 HostName: www.fightwhitegenocide.com. Type: A
911 HostName: mail.fightwhitegenocide.com. Type: A
912 HostName: webmail.fightwhitegenocide.com. Type: A
913
914 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
940
941 Searching for fightwhitegenocide.com. emails in Google
942 info@fightwhitegenocide.com;
943
944 Checking 25 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
945 Host 52.100.0.0 is down
946 Host 188.121.52.0 is down
947 Host 97.74.102.43 is up (echo-reply ttl 51)
948 Host 208.109.80.0 is up (reset ttl 12)
949 Host 173.201.192.0 is down
950 Host 68.178.252.0 is down
951 Host 72.167.218.0 is down
952 Host 173.201.70.43 is up (echo-reply ttl 52)
953 Host 198.71.224.0 is down
954 Host 184.168.200.0 is down
955 Host 184.168.128.0 is down
956 Host 23.229.234.138 is up (syn-ack ttl 43)
957 Host 184.168.131.0 is down
958 Host 184.168.224.0 is down
959 Host 40.107.0.0 is down
960 Host 40.92.0.0 is down
961 Host 182.50.144.0 is down
962 Host 182.50.132.0 is down
963 Host 97.74.135.0 is down
964 Host 72.167.238.0 is up (reset ttl 25)
965 Host 104.47.0.0 is down
966 Host 188.121.43.0 is down
967 Host 216.69.139.0 is down
968 Host 68.178.213.0 is down
969 Host 72.167.234.0 is down
970
971 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
972 Scanning ip 97.74.102.43 (ns65.domaincontrol.com (PTR)):
973 53/tcp open tcpwrapped syn-ack ttl 52
974 Scanning ip 208.109.80.0 ():
975 Scanning ip 173.201.70.43 (ns66.domaincontrol.com (PTR)):
976 53/tcp open tcpwrapped syn-ack ttl 51
977 Scanning ip 23.229.234.138 (webmail.fightwhitegenocide.com.):
978 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
979 22/tcp open ssh syn-ack ttl 43 OpenSSH 5.3 (protocol 2.0)
980 25/tcp open smtp? syn-ack ttl 43
981 |_smtp-commands: Couldn't establish connection on port 25
982 80/tcp open http syn-ack ttl 43 Apache httpd (PHP 5.6.40)
983 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
984 143/tcp open imap syn-ack ttl 43 Dovecot imapd
985 443/tcp open ssl/http syn-ack ttl 43 Apache httpd (PHP 5.6.40)
986 465/tcp open ssl/smtp syn-ack ttl 43 Exim smtpd 4.92
987 |_smtp-commands: Couldn't establish connection on port 465
988 587/tcp open smtp syn-ack ttl 43 Exim smtpd 4.92
989 |_smtp-commands: Couldn't establish connection on port 587
990 993/tcp open ssl/imaps? syn-ack ttl 43
991 995/tcp open ssl/pop3s? syn-ack ttl 43
992 3306/tcp open mysql syn-ack ttl 43 MySQL 5.6.44-cll-lve
993 OS Info: Service Info: Host: p3plcpnl0719.prod.phx3.secureserver.net
994 Scanning ip 72.167.238.0 ():
995 WebCrawling domain's web servers... up to 50 max links.
996
997 + URL to crawl: http://webmail.fightwhitegenocide.com.
998 + Date: 2020-03-19
999
1000 + Crawling URL: http://webmail.fightwhitegenocide.com.:
1001 + Links:
1002 + Crawling http://webmail.fightwhitegenocide.com. (timed out)
1003 + Searching for directories...
1004 + Searching open folders...
1005
1006
1007 + URL to crawl: http://mail.fightwhitegenocide.com.
1008 + Date: 2020-03-19
1009
1010 + Crawling URL: http://mail.fightwhitegenocide.com.:
1011 + Links:
1012 + Crawling http://mail.fightwhitegenocide.com. (timed out)
1013 + Searching for directories...
1014 + Searching open folders...
1015
1016
1017 + URL to crawl: http://mail.fightwhitegenocide.com
1018 + Date: 2020-03-19
1019
1020 + Crawling URL: http://mail.fightwhitegenocide.com:
1021 + Links:
1022 + Crawling http://mail.fightwhitegenocide.com (timed out)
1023 + Searching for directories...
1024 + Searching open folders...
1025
1026
1027 + URL to crawl: http://www.fightwhitegenocide.com.
1028 + Date: 2020-03-19
1029
1030 + Crawling URL: http://www.fightwhitegenocide.com.:
1031 + Links:
1032 + Crawling http://www.fightwhitegenocide.com. (timed out)
1033 + Searching for directories...
1034 + Searching open folders...
1035
1036
1037 + URL to crawl: https://webmail.fightwhitegenocide.com.
1038 + Date: 2020-03-19
1039
1040 + Crawling URL: https://webmail.fightwhitegenocide.com.:
1041 + Links:
1042 + Crawling https://webmail.fightwhitegenocide.com. (timed out)
1043 + Searching for directories...
1044 + Searching open folders...
1045
1046
1047 + URL to crawl: https://mail.fightwhitegenocide.com.
1048 + Date: 2020-03-19
1049
1050 + Crawling URL: https://mail.fightwhitegenocide.com.:
1051 + Links:
1052 + Crawling https://mail.fightwhitegenocide.com. (timed out)
1053 + Searching for directories...
1054 + Searching open folders...
1055
1056
1057 + URL to crawl: https://mail.fightwhitegenocide.com
1058 + Date: 2020-03-19
1059
1060 + Crawling URL: https://mail.fightwhitegenocide.com:
1061 + Links:
1062 + Crawling https://mail.fightwhitegenocide.com (timed out)
1063 + Searching for directories...
1064 + Searching open folders...
1065
1066
1067 + URL to crawl: https://www.fightwhitegenocide.com.
1068 + Date: 2020-03-19
1069
1070 + Crawling URL: https://www.fightwhitegenocide.com.:
1071 + Links:
1072 + Crawling https://www.fightwhitegenocide.com. (timed out)
1073 + Searching for directories...
1074 + Searching open folders...
1075
1076--Finished--
1077Summary information for domain fightwhitegenocide.com.
1078-----------------------------------------
1079 Domain Specific Information:
1080 Email: info@fightwhitegenocide.com;
1081
1082 Domain Ips Information:
1083 IP: 52.100.0.0
1084 Type: SPF
1085 Is Active: False
1086 IP: 188.121.52.0
1087 Type: SPF
1088 Is Active: False
1089 IP: 97.74.102.43
1090 HostName: ns65.domaincontrol.com Type: NS
1091 HostName: ns65.domaincontrol.com Type: PTR
1092 Country: United States
1093 Is Active: True (echo-reply ttl 51)
1094 Port: 53/tcp open tcpwrapped syn-ack ttl 52
1095 IP: 208.109.80.0
1096 Type: SPF
1097 Is Active: True (reset ttl 12)
1098 IP: 173.201.192.0
1099 Type: SPF
1100 Is Active: False
1101 IP: 68.178.252.0
1102 Type: SPF
1103 Is Active: False
1104 IP: 72.167.218.0
1105 Type: SPF
1106 Is Active: False
1107 IP: 173.201.70.43
1108 HostName: ns66.domaincontrol.com Type: NS
1109 HostName: ns66.domaincontrol.com Type: PTR
1110 Country: United States
1111 Is Active: True (echo-reply ttl 52)
1112 Port: 53/tcp open tcpwrapped syn-ack ttl 51
1113 IP: 198.71.224.0
1114 Type: SPF
1115 Is Active: False
1116 IP: 184.168.200.0
1117 Type: SPF
1118 Is Active: False
1119 IP: 184.168.128.0
1120 Type: SPF
1121 Is Active: False
1122 IP: 23.229.234.138
1123 HostName: mail.fightwhitegenocide.com Type: MX
1124 HostName: ip-23-229-234-138.ip.secureserver.net Type: PTR
1125 HostName: www.fightwhitegenocide.com. Type: A
1126 HostName: mail.fightwhitegenocide.com. Type: A
1127 HostName: webmail.fightwhitegenocide.com. Type: A
1128 Country: United States
1129 Is Active: True (syn-ack ttl 43)
1130 Port: 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
1131 Port: 22/tcp open ssh syn-ack ttl 43 OpenSSH 5.3 (protocol 2.0)
1132 Port: 25/tcp open smtp? syn-ack ttl 43
1133 Script Info: |_smtp-commands: Couldn't establish connection on port 25
1134 Port: 80/tcp open http syn-ack ttl 43 Apache httpd (PHP 5.6.40)
1135 Port: 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
1136 Port: 143/tcp open imap syn-ack ttl 43 Dovecot imapd
1137 Port: 443/tcp open ssl/http syn-ack ttl 43 Apache httpd (PHP 5.6.40)
1138 Port: 465/tcp open ssl/smtp syn-ack ttl 43 Exim smtpd 4.92
1139 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1140 Port: 587/tcp open smtp syn-ack ttl 43 Exim smtpd 4.92
1141 Script Info: |_smtp-commands: Couldn't establish connection on port 587
1142 Port: 993/tcp open ssl/imaps? syn-ack ttl 43
1143 Port: 995/tcp open ssl/pop3s? syn-ack ttl 43
1144 Port: 3306/tcp open mysql syn-ack ttl 43 MySQL 5.6.44-cll-lve
1145 Os Info: Host: p3plcpnl0719.prod.phx3.secureserver.net
1146 IP: 184.168.131.0
1147 Type: SPF
1148 Is Active: False
1149 IP: 184.168.224.0
1150 Type: SPF
1151 Is Active: False
1152 IP: 40.107.0.0
1153 Type: SPF
1154 Is Active: False
1155 IP: 40.92.0.0
1156 Type: SPF
1157 Is Active: False
1158 IP: 182.50.144.0
1159 Type: SPF
1160 Is Active: False
1161 IP: 182.50.132.0
1162 Type: SPF
1163 Is Active: False
1164 IP: 97.74.135.0
1165 Type: SPF
1166 Is Active: False
1167 IP: 72.167.238.0
1168 Type: SPF
1169 Is Active: True (reset ttl 25)
1170 IP: 104.47.0.0
1171 Type: SPF
1172 Is Active: False
1173 IP: 188.121.43.0
1174 Type: SPF
1175 Is Active: False
1176 IP: 216.69.139.0
1177 Type: SPF
1178 Is Active: False
1179 IP: 68.178.213.0
1180 Type: SPF
1181 Is Active: False
1182 IP: 72.167.234.0
1183 Type: SPF
1184 Is Active: False
1185
1186--------------End Summary --------------
1187-----------------------------------------
1188#################################################################################################################################
1189----- fightwhitegenocide.com -----
1190
1191
1192Host's addresses:
1193__________________
1194
1195fightwhitegenocide.com. 9063 IN A 23.229.234.138
1196
1197
1198Name Servers:
1199______________
1200
1201ns65.domaincontrol.com. 85809 IN A 97.74.102.43
1202ns66.domaincontrol.com. 85809 IN A 173.201.70.43
1203
1204
1205Mail (MX) Servers:
1206___________________
1207
1208mail.fightwhitegenocide.com. 3009 IN CNAME fightwhitegenocide.com.
1209fightwhitegenocide.com. 9062 IN A 23.229.234.138
1210
1211
1212Trying Zone Transfers and getting Bind Versions:
1213_________________________________________________
1214
1215
1216Trying Zone Transfer for fightwhitegenocide.com on ns65.domaincontrol.com ...
1217AXFR record query failed: corrupt packet
1218
1219Trying Zone Transfer for fightwhitegenocide.com on ns66.domaincontrol.com ...
1220AXFR record query failed: corrupt packet
1221
1222
1223Scraping fightwhitegenocide.com subdomains from Google:
1224________________________________________________________
1225
1226
1227 ---- Google search page: 1 ----
1228
1229
1230
1231Google Results:
1232________________
1233
1234 perhaps Google is blocking our queries.
1235 Check manually.
1236
1237
1238Brute forcing with /usr/share/dnsenum/dns.txt:
1239_______________________________________________
1240
1241admin.fightwhitegenocide.com. 10800 IN A 23.229.234.138
1242mail.fightwhitegenocide.com. 2976 IN CNAME fightwhitegenocide.com.
1243fightwhitegenocide.com. 9029 IN A 23.229.234.138
1244webmail.fightwhitegenocide.com. 3478 IN CNAME fightwhitegenocide.com.
1245fightwhitegenocide.com. 9005 IN A 23.229.234.138
1246www.fightwhitegenocide.com. 10668 IN CNAME fightwhitegenocide.com.
1247fightwhitegenocide.com. 9004 IN A 23.229.234.138
1248
1249
1250Launching Whois Queries:
1251_________________________
1252
1253 whois ip result: 23.229.234.0 -> 23.229.128.0/17
1254
1255
1256fightwhitegenocide.com______________________
1257
1258 23.229.128.0/17
1259################################################################################################################################
1260dnsenum VERSION:1.2.6
1261
1262----- www.fightwhitegenocide.com -----
1263
1264
1265Host's addresses:
1266__________________
1267
1268fightwhitegenocide.com. 9654 IN A 23.229.234.138
1269
1270
1271Name Servers:
1272______________
1273
1274ns66.domaincontrol.com. 86399 IN A 173.201.70.43
1275ns65.domaincontrol.com. 86399 IN A 97.74.102.43
1276
1277
1278Mail (MX) Servers:
1279___________________
1280
1281mail.fightwhitegenocide.com. 3600 IN CNAME fightwhitegenocide.com.
1282fightwhitegenocide.com. 9653 IN A 23.229.234.138
1283
1284
1285Trying Zone Transfers and getting Bind Versions:
1286_________________________________________________
1287
1288
1289Trying Zone Transfer for www.fightwhitegenocide.com on ns66.domaincontrol.com ...
1290
1291Trying Zone Transfer for www.fightwhitegenocide.com on ns65.domaincontrol.com ...
1292
1293
1294Brute forcing with /usr/share/sniper/wordlists/vhosts.txt:
1295___________________________________________________________
1296
1297
1298
1299www.fightwhitegenocide.com class C netranges:
1300______________________________________________
1301
1302
1303
1304www.fightwhitegenocide.com ip blocks:
1305______________________________________
1306
1307 /32
1308
1309done.
1310#################################################################################################################################
1311Source:
1312whois.arin.net
1313IP Address:
131423.229.234.138
1315Name:
1316GO-DADDY-COM-LLC
1317Handle:
1318NET-23-229-128-0-1
1319Registration Date:
13209/17/13
1321Range:
132223.229.128.0-23.229.255.255
1323Org:
1324GoDaddy.com, LLC
1325Org Handle:
1326GODAD
1327Address:
132814455 N Hayden Road
1329City:
1330Scottsdale
1331State/Province:
1332AZ
1333Postal Code:
133485260
1335Country:
1336United States
1337Name Servers:
1338#################################################################################################################################
1339URLCrazy Domain Report
1340Domain : www.fightwhitegenocide.com
1341Keyboard : qwerty
1342At : 2020-03-19 11:07:17 -0400
1343
1344# Please wait. 295 hostnames to process
1345
1346Typo Type Typo DNS-A CC-A DNS-MX Extn
1347-------------------------------------------------------------------------------------------------------------------------------------
1470Character Insertion www.fightwhitegenocidfe.com ? com
1471Character Insertion www.fightwhitegenocidse.com ? com
1472Character Insertion www.fightwhitegenociode.com ? com
1473Character Insertion www.fightwhitegenociude.com ? com
1474Character Insertion www.fightwhitegenocvide.com ? com
1475Character Insertion www.fightwhitegenocxide.com ? com
1476Character Insertion www.fightwhitegenoicide.com ? com
1477Character Insertion www.fightwhitegenopcide.com ? com
1478Character Insertion www.fightwhitegernocide.com ? com
1479Character Insertion www.fightwhitegewnocide.com ? com
1480Character Insertion www.fightwhitegfenocide.com ? com
1481Character Insertion www.fightwhiteghenocide.com ? com
1482Character Insertion www.fightwhitergenocide.com ? com
1483Character Insertion www.fightwhitewgenocide.com ? com
1484Character Insertion www.fightwhitregenocide.com ? com
1485Character Insertion www.fightwhityegenocide.com ? com
1486Character Insertion www.fightwhiutegenocide.com ? com
1487Character Insertion www.fightwhjitegenocide.com ? com
1488Character Insertion www.fightwqhitegenocide.com ? com
1489Character Insertion www.fightywhitegenocide.com ? com
1490Character Insertion www.fioghtwhitegenocide.com ? com
1491Character Insertion www.fiughtwhitegenocide.com ? com
1492Character Insertion wwwe.fightwhitegenocide.com ? com
1493Character Insertion wwwq.fightwhitegenocide.com ? com
1494Missing Dot wwwwww.fightwhitegenocide.com ? com
1495Singular or Pluralise fightwhitegenocide.com 23.229.234.138 mail.fightwhitegenocide.com com
1496Singular or Pluralise fightwhitegenocides.com ? com
1497Vowel Swap www.faghtwhategenocade.com ? com
1498Vowel Swap www.feghtwhetegenocede.com ? com
1499Vowel Swap www.fightwhitaganocida.com ? com
1500Vowel Swap www.fightwhitiginocidi.com ? com
1501Vowel Swap www.fightwhitogonocido.com ? com
1502Vowel Swap www.fightwhitugunocidu.com ? com
1503Vowel Swap www.foghtwhotegenocode.com ? com
1504Vowel Swap www.fughtwhutegenocude.com ? com
1505Homophones www.fayeghtwhayetegenocayede.com ? com
1506Homophones www.feyeghtwheyetegenoceyede.com ? com
1507Homophones www.fightwhightegenocide.com ? com
1508Homophones www.fightwhitegeknowcide.com ? com
1509Bit Flipping 7ww.fightwhitegenocide.com ? com
1510Bit Flipping gww.fightwhitegenocide.com ? com
1511Bit Flipping sww.fightwhitegenocide.com ? com
1512Bit Flipping uww.fightwhitegenocide.com ? com
1513Bit Flipping vww.fightwhitegenocide.com ? com
1514Bit Flipping w7w.fightwhitegenocide.com ? com
1515Bit Flipping wgw.fightwhitegenocide.com ? com
1516Bit Flipping wsw.fightwhitegenocide.com ? com
1517Bit Flipping wuw.fightwhitegenocide.com ? com
1518Bit Flipping wvw.fightwhitegenocide.com ? com
1519Bit Flipping ww7.fightwhitegenocide.com ? com
1520Bit Flipping wwg.fightwhitegenocide.com ? com
1521Bit Flipping wws.fightwhitegenocide.com ? com
1522Bit Flipping wwu.fightwhitegenocide.com ? com
1523Bit Flipping wwv.fightwhitegenocide.com ? com
1524Bit Flipping www.bightwhitegenocide.com ? com
1525Bit Flipping www.faghtwhitegenocide.com ? com
1526Bit Flipping www.fhghtwhitegenocide.com ? com
1527Bit Flipping www.fichtwhitegenocide.com ? com
1528Bit Flipping www.fiehtwhitegenocide.com ? com
1529Bit Flipping www.figh4whitegenocide.com ? com
1530Bit Flipping www.fighdwhitegenocide.com ? com
1531Bit Flipping www.fighpwhitegenocide.com ? com
1532Bit Flipping www.fight7hitegenocide.com ? com
1533Bit Flipping www.fightghitegenocide.com ? com
1534Bit Flipping www.fightshitegenocide.com ? com
1535Bit Flipping www.fightuhitegenocide.com ? com
1536Bit Flipping www.fightvhitegenocide.com ? com
1537Bit Flipping www.fightwhategenocide.com ? com
1538Bit Flipping www.fightwhhtegenocide.com ? com
1539Bit Flipping www.fightwhi4egenocide.com ? com
1540Bit Flipping www.fightwhidegenocide.com ? com
1541Bit Flipping www.fightwhipegenocide.com ? com
1542Bit Flipping www.fightwhitagenocide.com ? com
1543Bit Flipping www.fightwhitdgenocide.com ? com
1544Bit Flipping www.fightwhitecenocide.com ? com
1545Bit Flipping www.fightwhiteeenocide.com ? com
1546Bit Flipping www.fightwhiteganocide.com ? com
1547Bit Flipping www.fightwhitegdnocide.com ? com
1548Bit Flipping www.fightwhitege.ocide.com ? com
1549Bit Flipping www.fightwhitegefocide.com ? com
1550Bit Flipping www.fightwhitegejocide.com ? com
1551Bit Flipping www.fightwhitegelocide.com ? com
1552Bit Flipping www.fightwhitegengcide.com ? com
1553Bit Flipping www.fightwhitegenkcide.com ? com
1554Bit Flipping www.fightwhitegenmcide.com ? com
1555Bit Flipping www.fightwhitegenncide.com ? com
1556Bit Flipping www.fightwhitegenoaide.com ? com
1557Bit Flipping www.fightwhitegenobide.com ? com
1558Bit Flipping www.fightwhitegenocade.com ? com
1559Bit Flipping www.fightwhitegenochde.com ? com
1560Bit Flipping www.fightwhitegenocida.com ? com
1561Bit Flipping www.fightwhitegenocidd.com ? com
1562Bit Flipping www.fightwhitegenocidg.com ? com
1563Bit Flipping www.fightwhitegenocidm.com ? com
1564Bit Flipping www.fightwhitegenocidu.com ? com
1565Bit Flipping www.fightwhitegenociee.com ? com
1566Bit Flipping www.fightwhitegenocile.com ? com
1567Bit Flipping www.fightwhitegenocite.com ? com
1568Bit Flipping www.fightwhitegenockde.com ? com
1569Bit Flipping www.fightwhitegenocmde.com ? com
1570Bit Flipping www.fightwhitegenocyde.com ? com
1571Bit Flipping www.fightwhitegenogide.com ? com
1572Bit Flipping www.fightwhitegenokide.com ? com
1573Bit Flipping www.fightwhitegenoside.com ? com
1574Bit Flipping www.fightwhitegeoocide.com ? com
1575Bit Flipping www.fightwhiteggnocide.com ? com
1576Bit Flipping www.fightwhitegmnocide.com ? com
1577Bit Flipping www.fightwhitegunocide.com ? com
1578Bit Flipping www.fightwhiteoenocide.com ? com
1579Bit Flipping www.fightwhitewenocide.com ? com
1580Bit Flipping www.fightwhitggenocide.com ? com
1581Bit Flipping www.fightwhitmgenocide.com ? com
1582Bit Flipping www.fightwhitugenocide.com ? com
1583Bit Flipping www.fightwhiuegenocide.com ? com
1584Bit Flipping www.fightwhivegenocide.com ? com
1585Bit Flipping www.fightwhktegenocide.com ? com
1586Bit Flipping www.fightwhmtegenocide.com ? com
1587Bit Flipping www.fightwhytegenocide.com ? com
1588Bit Flipping www.fightwiitegenocide.com ? com
1589Bit Flipping www.fightwlitegenocide.com ? com
1590Bit Flipping www.fightwxitegenocide.com ? com
1591Bit Flipping www.fighuwhitegenocide.com ? com
1592Bit Flipping www.fighvwhitegenocide.com ? com
1593Bit Flipping www.figitwhitegenocide.com ? com
1594Bit Flipping www.figltwhitegenocide.com ? com
1595Bit Flipping www.figxtwhitegenocide.com ? com
1596Bit Flipping www.fiohtwhitegenocide.com ? com
1597Bit Flipping www.fiwhtwhitegenocide.com ? com
1598Bit Flipping www.fkghtwhitegenocide.com ? com
1599Bit Flipping www.fmghtwhitegenocide.com ? com
1600Bit Flipping www.fyghtwhitegenocide.com ? com
1601Bit Flipping www.nightwhitegenocide.com ? com
1602Bit Flipping www.vightwhitegenocide.com ? com
1603Bit Flipping wwwnfightwhitegenocide.com ? com
1604Homoglyphs vvvvvv.fightvvhitegenocide.com ? com
1605Homoglyphs vvvvvv.fightwhitegenocide.com ? com
1606Homoglyphs vvvvw.fightvvhitegenocide.com ? com
1607Homoglyphs vvvvw.fightwhitegenocide.com ? com
1608Homoglyphs vvwvv.fightvvhitegenocide.com ? com
1609Homoglyphs vvwvv.fightwhitegenocide.com ? com
1610Homoglyphs vvww.fightvvhitegenocide.com ? com
1611Homoglyphs vvww.fightwhitegenocide.com ? com
1612Homoglyphs wvvvv.fightvvhitegenocide.com ? com
1613Homoglyphs wvvvv.fightwhitegenocide.com ? com
1614Homoglyphs wvvw.fightvvhitegenocide.com ? com
1615Homoglyphs wvvw.fightwhitegenocide.com ? com
1616Homoglyphs wwvv.fightvvhitegenocide.com ? com
1617Homoglyphs wwvv.fightwhitegenocide.com ? com
1618Homoglyphs www.fightvvhitegenocide.com ? com
1619Homoglyphs www.fightwhitegen0cide.com ? com
1620Homoglyphs www.fightwhitegenocicle.com ? com
1621Homoglyphs www.fightwhitegenoclde.com ? com
1622Homoglyphs www.fightwhltegenocide.com ? com
1623Homoglyphs www.fightwhltegenoclde.com ? com
1624Homoglyphs www.flghtwhitegenocide.com ? com
1625Homoglyphs www.flghtwhitegenoclde.com ? com
1626Homoglyphs www.flghtwhltegenocide.com ? com
1627Homoglyphs www.flghtwhltegenoclde.com ? com
1628Wrong TLD fightwhitegenocide.ca ? ca
1629Wrong TLD fightwhitegenocide.ch ? ch
1630Wrong TLD fightwhitegenocide.de ? de
1631Wrong TLD fightwhitegenocide.edu ? edu
1632Wrong TLD fightwhitegenocide.es ? es
1633Wrong TLD fightwhitegenocide.fr ? fr
1634Wrong TLD fightwhitegenocide.it ? it
1635Wrong TLD fightwhitegenocide.jp ? jp
1636Wrong TLD fightwhitegenocide.net 209.99.64.55 US,UNITED STATES net
1637Wrong TLD fightwhitegenocide.nl ? nl
1638Wrong TLD fightwhitegenocide.no ? no
1639Wrong TLD fightwhitegenocide.org ? org
1640Wrong TLD fightwhitegenocide.ru ? ru
1641Wrong TLD fightwhitegenocide.se ? se
1642Wrong TLD fightwhitegenocide.us ? us
################################################################################################################################
[*] Processing domain www.fightwhitegenocide.com
[*] Using system resolvers ['10.101.0.243', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
[+] Getting nameservers
173.201.70.43 - ns66.domaincontrol.com
97.74.102.43 - ns65.domaincontrol.com
[-] Zone transfer failed

[+] TXT records found
"google-site-verification=K4bXz6_akRl-syxq-Xa0kgcDmw62uMbueQ5B1hmjJfA"
"v=spf1 a mx ptr include:secureserver.net ~all"

[+] MX records found, added to target list
0 mail.fightwhitegenocide.com.

[*] Scanning www.fightwhitegenocide.com for A records
23.229.234.138 - www.fightwhitegenocide.com

#################################################################################################################################
[*] Found SPF record:
[*] v=spf1 a mx ptr include:secureserver.net ~all
[*] SPF record contains an All item: ~all
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.fightwhitegenocide.com!
################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:16 EDT
Nmap scan report for www.fightwhitegenocide.com (23.229.234.138)
Host is up (0.30s latency).
rDNS record for 23.229.234.138: ip-23-229-234-138.ip.secureserver.net
Not shown: 495 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 15.24 seconds
#################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:16 EDT
Nmap scan report for www.fightwhitegenocide.com (23.229.234.138)
Host is up.
rDNS record for 23.229.234.138: ip-23-229-234-138.ip.secureserver.net

PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 5.25 seconds
#################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_5.3
(gen) software: OpenSSH 5.3
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-rsa-cert-v01@openssh.com -- [info] available since OpenSSH 5.6
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 5.3)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
#################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:16 EDT
NSE: Loaded 51 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:16
Completed NSE at 11:16, 0.00s elapsed
Initiating NSE at 11:16
Completed NSE at 11:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:16
Completed Parallel DNS resolution of 1 host. at 11:16, 0.02s elapsed
Initiating SYN Stealth Scan at 11:16
Scanning www.fightwhitegenocide.com (23.229.234.138) [1 port]
Discovered open port 22/tcp on 23.229.234.138
Completed SYN Stealth Scan at 11:16, 0.36s elapsed (1 total ports)
Initiating Service scan at 11:16
Scanning 1 service on www.fightwhitegenocide.com (23.229.234.138)
Completed Service scan at 11:16, 0.61s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www.fightwhitegenocide.com (23.229.234.138)
Retrying OS detection (try #2) against www.fightwhitegenocide.com (23.229.234.138)
Initiating Traceroute at 11:16
Completed Traceroute at 11:16, 3.01s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 11:16
Completed Parallel DNS resolution of 11 hosts. at 11:16, 0.14s elapsed
NSE: Script scanning 23.229.234.138.
Initiating NSE at 11:16
NSE: [ssh-run 23.229.234.138:22] Failed to specify credentials and command to run.
Completed NSE at 11:18, 90.74s elapsed
Initiating NSE at 11:18
Completed NSE at 11:18, 0.05s elapsed
Nmap scan report for www.fightwhitegenocide.com (23.229.234.138)
Host is up (0.30s latency).
rDNS record for 23.229.234.138: ip-23-229-234-138.ip.secureserver.net

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-hostkey:
| 1024 49:7c:f2:06:6d:06:8a:62:de:bd:71:71:f5:68:b3:e6 (DSA)
| 2048 f2:3b:11:1b:62:67:af:9c:2f:6c:56:29:da:f7:84:7e (RSA)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
| vulners:
| cpe:/a:openbsd:openssh:5.3:
| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: ASUS RT-N56U WAP (Linux 3.4) (98%), Linux 3.2 (98%), Linux 3.1 (97%), Linux 3.16 (97%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (97%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (89%), Geovision EBD4700 CCTV camera (Linux 3.4) (89%), Android 4.1 (Linux 3.0) (89%), Hitron CVE-30360 router (89%), Linux 2.6.32 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 127.24 ms 10.203.37.1
2 ...
3 128.03 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 127.79 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 133.66 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 133.71 ms be3377.ccr21.sto01.atlas.cogentco.com (154.54.36.90)
7 133.99 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
8 ...
9 299.90 ms 4.28.83.74
10 297.36 ms 148.72.32.7
11 297.33 ms be39.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.73)
12 302.56 ms ip-97-74-255-129.ip.secureserver.net (97.74.255.129)
13 298.62 ms ip-23-229-234-138.ip.secureserver.net (23.229.234.138)

NSE: Script Post-scanning.
Initiating NSE at 11:18
Completed NSE at 11:18, 0.00s elapsed
Initiating NSE at 11:18
Completed NSE at 11:18, 0.00s elapsed
#################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => www.fightwhitegenocide.com
RHOST => www.fightwhitegenocide.com
[*] 23.229.234.138:22 - SSH - Using malformed packet technique
[*] 23.229.234.138:22 - SSH - Starting scan
[-] 23.229.234.138:22 - SSH - User 'admin' on could not connect
[-] 23.229.234.138:22 - SSH - User 'administrator' on could not connect
[-] 23.229.234.138:22 - SSH - User 'anonymous' on could not connect
[-] 23.229.234.138:22 - SSH - User 'backup' on could not connect
[-] 23.229.234.138:22 - SSH - User 'bee' on could not connect
[-] 23.229.234.138:22 - SSH - User 'ftp' on could not connect
[-] 23.229.234.138:22 - SSH - User 'guest' on could not connect
[-] 23.229.234.138:22 - SSH - User 'GUEST' on could not connect
[-] 23.229.234.138:22 - SSH - User 'info' on could not connect
2019[-] 23.229.234.138:22 - SSH - User 'mail' on could not connect
2020[-] 23.229.234.138:22 - SSH - User 'mailadmin' on could not connect
2021[-] 23.229.234.138:22 - SSH - User 'msfadmin' on could not connect
2022[-] 23.229.234.138:22 - SSH - User 'mysql' on could not connect
2023[-] 23.229.234.138:22 - SSH - User 'nobody' on could not connect
2024[-] 23.229.234.138:22 - SSH - User 'oracle' on could not connect
2025[-] 23.229.234.138:22 - SSH - User 'owaspbwa' on could not connect
2026[-] 23.229.234.138:22 - SSH - User 'postfix' on could not connect
2027[-] 23.229.234.138:22 - SSH - User 'postgres' on could not connect
2028[-] 23.229.234.138:22 - SSH - User 'private' on could not connect
2029[-] 23.229.234.138:22 - SSH - User 'proftpd' on could not connect
2030[-] 23.229.234.138:22 - SSH - User 'public' on could not connect
2031[-] 23.229.234.138:22 - SSH - User 'root' on could not connect
2032[-] 23.229.234.138:22 - SSH - User 'superadmin' on could not connect
2033[-] 23.229.234.138:22 - SSH - User 'support' on could not connect
2034[-] 23.229.234.138:22 - SSH - User 'sys' on could not connect
2035[-] 23.229.234.138:22 - SSH - User 'system' on could not connect
2036[-] 23.229.234.138:22 - SSH - User 'systemadmin' on could not connect
2037[-] 23.229.234.138:22 - SSH - User 'systemadministrator' on could not connect
2038[-] 23.229.234.138:22 - SSH - User 'test' on could not connect
2039[-] 23.229.234.138:22 - SSH - User 'tomcat' on could not connect
2040[-] 23.229.234.138:22 - SSH - User 'user' on could not connect
2041[-] 23.229.234.138:22 - SSH - User 'webmaster' on could not connect
2042[-] 23.229.234.138:22 - SSH - User 'www-data' on could not connect
2043[-] 23.229.234.138:22 - SSH - User 'Fortimanager_Access' on could not connect
2044[*] Scanned 1 of 1 hosts (100% complete)
2045[*] Auxiliary module execution completed
2046#################################################################################################################################
2047Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:04 EDT
2048Warning: 23.229.234.138 giving up on port because retransmission cap hit (2).
2049Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2050Host is up (0.30s latency).
2051Not shown: 452 filtered ports, 12 closed ports
2052Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2053PORT STATE SERVICE VERSION
205421/tcp open ftp Pure-FTPd
2055| ssl-cert: Subject: commonName=*.prod.phx3.secureserver.net
2056| Subject Alternative Name: DNS:*.prod.phx3.secureserver.net, DNS:prod.phx3.secureserver.net
2057| Not valid before: 2020-01-14T18:56:22
2058|_Not valid after: 2022-01-14T18:56:22
2059|_ssl-date: 2020-03-19T15:08:35+00:00; -6s from scanner time.
206022/tcp open ssh OpenSSH 5.3 (protocol 2.0)
2061| ssh-hostkey:
2062| 1024 49:7c:f2:06:6d:06:8a:62:de:bd:71:71:f5:68:b3:e6 (DSA)
2063|_ 2048 f2:3b:11:1b:62:67:af:9c:2f:6c:56:29:da:f7:84:7e (RSA)
206425/tcp open smtp?
2065| fingerprint-strings:
2066| GenericLines:
2067|_ 421 Too many concurrent SMTP connections; please try again later.
2068|_smtp-commands: Couldn't establish connection on port 25
206980/tcp open http Apache httpd (PHP 5.6.40)
2070110/tcp open pop3 Dovecot pop3d
2071|_pop3-capabilities: RESP-CODES USER PIPELINING AUTH-RESP-CODE UIDL STLS CAPA SASL(PLAIN LOGIN) TOP
2072|_ssl-date: 2020-03-19T15:08:20+00:00; -6s from scanner time.
2073143/tcp open imap Dovecot imapd
2074|_imap-capabilities: AUTH=LOGINA0001 LOGIN-REFERRALS post-login IMAP4rev1 NAMESPACE SASL-IR Pre-login OK STARTTLS capabilities LITERAL+ IDLE have ENABLE listed more ID AUTH=PLAIN
2075|_ssl-date: 2020-03-19T15:08:21+00:00; -5s from scanner time.
2076443/tcp open ssl/http Apache httpd (PHP 5.6.40)
2077465/tcp open ssl/smtp Exim smtpd 4.92
2078|_smtp-commands: SMTP EHLO ip-23-229-234-138.ip.secureserver.net: failed to receive data: failed to receive data
2079| ssl-cert: Subject: commonName=*.prod.phx3.secureserver.net
2080| Subject Alternative Name: DNS:*.prod.phx3.secureserver.net, DNS:prod.phx3.secureserver.net
2081| Not valid before: 2020-01-14T18:56:22
2082|_Not valid after: 2022-01-14T18:56:22
2083|_ssl-date: 2020-03-19T15:08:20+00:00; -5s from scanner time.
2084587/tcp open smtp Exim smtpd 4.92
2085| smtp-commands: p3plcpnl0719.prod.phx3.secureserver.net Hello ip-23-229-234-138.ip.secureserver.net [45.132.192.87], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, STARTTLS, SMTPUTF8, HELP,
2086|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
2087| ssl-cert: Subject: commonName=*.prod.phx3.secureserver.net
2088| Subject Alternative Name: DNS:*.prod.phx3.secureserver.net, DNS:prod.phx3.secureserver.net
2089| Not valid before: 2020-01-14T18:56:22
2090|_Not valid after: 2022-01-14T18:56:22
2091|_ssl-date: 2020-03-19T15:08:43+00:00; -6s from scanner time.
2092993/tcp open ssl/imaps?
2093|_ssl-date: 2020-03-19T15:08:20+00:00; -5s from scanner time.
2094995/tcp open ssl/pop3s?
2095|_ssl-date: 2020-03-19T15:08:20+00:00; -5s from scanner time.
20963306/tcp open mysql MySQL 5.6.44-cll-lve
2097| mysql-info:
2098| Protocol: 10
2099| Version: 5.6.44-cll-lve
2100| Thread ID: 3076934
2101| Capabilities flags: 63487
2102| Some Capabilities: FoundRows, ConnectWithDatabase, Support41Auth, Speaks41ProtocolOld, Speaks41ProtocolNew, SupportsCompression, SupportsTransactions, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, ODBCClient, IgnoreSpaceBeforeParenthesis, InteractiveClient, IgnoreSigpipes, LongPassword, LongColumnFlag, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
2103| Status: Autocommit
2104| Salt: SR$Wl9t_]64A,WSw"=NO
2105|_ Auth Plugin Name: mysql_native_password
21061 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
2107SF-Port25-TCP:V=7.80%I=7%D=3/19%Time=5E738A25%P=x86_64-pc-linux-gnu%r(Gene
2108SF:ricLines,43,"421\x20Too\x20many\x20concurrent\x20SMTP\x20connections;\x
2109SF:20please\x20try\x20again\x20later\.\r\n");
2110Aggressive OS guesses: Linux 3.2 (94%), Linux 3.1 (93%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (93%), Hitron CVE-30360 router (93%), Linux 2.6.32 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.39 (93%), ProVision-ISR security DVR (93%), OpenWrt 12.09-rc1 Attitude Adjustment (Linux 3.3 - 3.7) (93%)
2111No exact OS matches for host (test conditions non-ideal).
2112Network Distance: 13 hops
2113Service Info: Host: p3plcpnl0719.prod.phx3.secureserver.net
2114
2115Host script results:
2116|_clock-skew: mean: -5s, deviation: 0s, median: -5s
2117
2118TRACEROUTE (using port 21/tcp)
2119HOP RTT ADDRESS
21201 126.92 ms 10.203.37.1
21212 ...
21223 127.74 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
21234 127.52 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
21245 133.06 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
21256 133.32 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
21267 133.55 ms ae-10.edge4.Stockholm2.Level3.net (4.68.106.125)
21278 ...
21289 296.52 ms 4.28.83.74
212910 296.94 ms 148.72.32.7
213011 296.35 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
213112 301.13 ms ip-97-74-255-129.ip.secureserver.net (97.74.255.129)
213213 296.14 ms ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2133#################################################################################################################################
2134Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:11 EDT
2135Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2136Host is up (0.080s latency).
2137Not shown: 14 filtered ports
2138Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2139PORT STATE SERVICE VERSION
214053/udp open|filtered domain
214167/udp open|filtered dhcps
214268/udp open|filtered dhcpc
214369/udp open|filtered tftp
214488/udp open|filtered kerberos-sec
2145123/udp open|filtered ntp
2146137/udp open|filtered netbios-ns
2147138/udp open|filtered netbios-dgm
2148139/udp open|filtered netbios-ssn
2149161/udp open|filtered snmp
2150162/udp open|filtered snmptrap
2151389/udp open|filtered ldap
2152520/udp open|filtered route
21532049/udp open|filtered nfs
2154Too many fingerprints match this host to give specific OS details
2155Network Distance: 13 hops
2156
2157TRACEROUTE (using proto 1/icmp)
2158HOP RTT ADDRESS
21591 126.36 ms 10.203.37.1
21602 ...
21613 127.04 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
21624 126.70 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
21635 132.12 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
21646 132.15 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
21657 135.91 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
21668 ...
21679 296.05 ms 4.28.83.74
216810 296.15 ms 148.72.32.7
216911 297.21 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
217012 484.95 ms ip-97-74-255-129.ip.secureserver.net (97.74.255.129)
217113 302.01 ms ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2172#################################################################################################################################
2173Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:17 EDT
2174Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2175Host is up (0.30s latency).
2176
2177PORT STATE SERVICE VERSION
217821/tcp open ftp Pure-FTPd
2179Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2180Device type: WAP|general purpose|webcam
2181Running (JUST GUESSING): Asus embedded (98%), Linux 3.X|2.6.X (98%), AXIS embedded (96%)
2182OS CPE: cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera
2183Aggressive OS guesses: ASUS RT-N56U WAP (Linux 3.4) (98%), Linux 3.2 (98%), Linux 3.1 (96%), Linux 3.16 (96%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (96%)
2184No exact OS matches for host (test conditions non-ideal).
2185Network Distance: 13 hops
2186
2187TRACEROUTE (using port 21/tcp)
2188HOP RTT ADDRESS
21891 131.14 ms 10.203.37.1
21902 ...
21913 131.79 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
21924 131.77 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
21935 137.23 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
21946 137.81 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
21957 137.34 ms ae-10.edge4.Stockholm2.Level3.net (4.68.106.125)
21968 ...
21979 297.06 ms 4.28.83.74
219810 350.98 ms 148.72.32.7
219911 297.55 ms be39.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.73)
220012 302.59 ms ip-97-74-255-129.ip.secureserver.net (97.74.255.129)
220113 301.78 ms ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2202#################################################################################################################################
2203Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:28 EDT
2204Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2205Host is up.
2206
2207PORT STATE SERVICE VERSION
220822/tcp filtered ssh
2209Too many fingerprints match this host to give specific OS details
2210
2211TRACEROUTE (using proto 1/icmp)
2212HOP RTT ADDRESS
22131 131.00 ms 10.203.37.1
22142 ...
22153 131.65 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
22164 131.62 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
22175 137.26 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
22186 137.37 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
22197 137.65 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
22208 298.53 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
22219 297.36 ms 4.28.83.74
222210 297.80 ms 148.72.32.7
222311 318.04 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
222412 ... 30
2225#################################################################################################################################
2226USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2227RHOSTS => 23.229.234.138
2228RHOST => 23.229.234.138
2229[*] 23.229.234.138:22 - SSH - Using malformed packet technique
2230[*] 23.229.234.138:22 - SSH - Starting scan
2231[-] 23.229.234.138:22 - SSH - User 'admin' on could not connect
2232[-] 23.229.234.138:22 - SSH - User 'administrator' on could not connect
2233[-] 23.229.234.138:22 - SSH - User 'anonymous' on could not connect
2234[-] 23.229.234.138:22 - SSH - User 'backup' on could not connect
2235[-] 23.229.234.138:22 - SSH - User 'bee' on could not connect
2236[-] 23.229.234.138:22 - SSH - User 'ftp' on could not connect
2237[-] 23.229.234.138:22 - SSH - User 'guest' on could not connect
2238[-] 23.229.234.138:22 - SSH - User 'GUEST' on could not connect
2239[-] 23.229.234.138:22 - SSH - User 'info' on could not connect
2240[-] 23.229.234.138:22 - SSH - User 'mail' on could not connect
2241[-] 23.229.234.138:22 - SSH - User 'mailadmin' on could not connect
2242[-] 23.229.234.138:22 - SSH - User 'msfadmin' on could not connect
2243[-] 23.229.234.138:22 - SSH - User 'mysql' on could not connect
2244[-] 23.229.234.138:22 - SSH - User 'nobody' on could not connect
2245[-] 23.229.234.138:22 - SSH - User 'oracle' on could not connect
2246[-] 23.229.234.138:22 - SSH - User 'owaspbwa' on could not connect
2247[-] 23.229.234.138:22 - SSH - User 'postfix' on could not connect
2248[-] 23.229.234.138:22 - SSH - User 'postgres' on could not connect
2249[-] 23.229.234.138:22 - SSH - User 'private' on could not connect
2250[-] 23.229.234.138:22 - SSH - User 'proftpd' on could not connect
2251[-] 23.229.234.138:22 - SSH - User 'public' on could not connect
2252[-] 23.229.234.138:22 - SSH - User 'root' on could not connect
2253[-] 23.229.234.138:22 - SSH - User 'superadmin' on could not connect
2254[-] 23.229.234.138:22 - SSH - User 'support' on could not connect
2255[-] 23.229.234.138:22 - SSH - User 'sys' on could not connect
2256[-] 23.229.234.138:22 - SSH - User 'system' on could not connect
2257[-] 23.229.234.138:22 - SSH - User 'systemadmin' on could not connect
2258[-] 23.229.234.138:22 - SSH - User 'systemadministrator' on could not connect
2259[-] 23.229.234.138:22 - SSH - User 'test' on could not connect
2260[-] 23.229.234.138:22 - SSH - User 'tomcat' on could not connect
2261[-] 23.229.234.138:22 - SSH - User 'user' on could not connect
2262[-] 23.229.234.138:22 - SSH - User 'webmaster' on could not connect
2263[-] 23.229.234.138:22 - SSH - User 'www-data' on could not connect
2264[-] 23.229.234.138:22 - SSH - User 'Fortimanager_Access' on could not connect
2265[*] Scanned 1 of 1 hosts (100% complete)
2266[*] Auxiliary module execution completed
2267################################################################################################################################
2268Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:48 EDT
2269Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2270Host is up.
2271
2272PORT STATE SERVICE VERSION
227325/tcp filtered smtp
2274Too many fingerprints match this host to give specific OS details
2275
2276TRACEROUTE (using proto 1/icmp)
2277HOP RTT ADDRESS
22781 131.74 ms 10.203.37.1
22792 ...
22803 128.89 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
22814 128.86 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
22825 134.24 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
22836 134.29 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
22847 134.49 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
22858 297.84 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
22869 297.73 ms 4.28.83.74
228710 297.95 ms 148.72.32.7
228811 296.35 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
228912 ... 30
2290#################################################################################################################################
2291Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:49 EDT
2292Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2293Host is up.
2294
2295PORT STATE SERVICE VERSION
229667/tcp filtered dhcps
229767/udp open|filtered dhcps
2298|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
2299Too many fingerprints match this host to give specific OS details
2300
2301TRACEROUTE (using proto 1/icmp)
2302HOP RTT ADDRESS
23031 129.83 ms 10.203.37.1
23042 ...
23053 130.54 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
23064 126.97 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
23075 132.15 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
23086 132.38 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
23097 132.95 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
23108 297.40 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
23119 296.02 ms 4.28.83.74
231210 296.28 ms 148.72.32.7
231311 296.84 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
231412 ... 30
2315#################################################################################################################################
2316Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:51 EDT
2317Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2318Host is up.
2319
2320PORT STATE SERVICE VERSION
232168/tcp filtered dhcpc
232268/udp open|filtered dhcpc
2323Too many fingerprints match this host to give specific OS details
2324
2325TRACEROUTE (using proto 1/icmp)
2326HOP RTT ADDRESS
23271 131.38 ms 10.203.37.1
23282 ...
23293 129.91 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
23304 129.84 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
23315 133.13 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
23326 133.15 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
23337 134.99 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
23348 296.37 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
23359 296.36 ms 4.28.83.74
233610 297.43 ms 148.72.32.7
233711 296.98 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
233812 ... 30
2339#################################################################################################################################
2340Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:52 EDT
2341Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2342Host is up.
2343
2344PORT STATE SERVICE VERSION
234569/tcp filtered tftp
234669/udp open|filtered tftp
2347Too many fingerprints match this host to give specific OS details
2348
2349TRACEROUTE (using proto 1/icmp)
2350HOP RTT ADDRESS
23511 129.87 ms 10.203.37.1
23522 ...
23533 131.04 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
23544 130.56 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
23555 135.91 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
23566 136.49 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
23577 155.34 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
23588 299.98 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
23599 295.59 ms 4.28.83.74
236010 295.86 ms 148.72.32.7
236111 296.23 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
236212 ... 30
2363#################################################################################################################################
2364Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:58 EDT
2365Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2366Host is up.
2367
2368PORT STATE SERVICE VERSION
2369110/tcp filtered pop3
2370Too many fingerprints match this host to give specific OS details
2371
2372TRACEROUTE (using proto 1/icmp)
2373HOP RTT ADDRESS
23741 130.14 ms 10.203.37.1
23752 ...
23763 130.97 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
23774 127.32 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
23785 132.40 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
23796 133.30 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
23807 133.32 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
23818 ...
23829 296.82 ms 4.28.83.74
238310 296.88 ms 148.72.32.7
238411 302.12 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
238512 ... 30
2386#################################################################################################################################
2387Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:58 EDT
2388Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2389Host is up.
2390
2391PORT STATE SERVICE VERSION
2392123/tcp filtered ntp
2393123/udp open|filtered ntp
2394Too many fingerprints match this host to give specific OS details
2395
2396TRACEROUTE (using proto 1/icmp)
2397HOP RTT ADDRESS
23981 129.90 ms 10.203.37.1
23992 ...
24003 130.93 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
24014 130.57 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
24025 136.16 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
24036 136.57 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
24047 136.35 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
24058 297.57 ms ae-2-30.bear2.Phoenix1.Level3.net (4.69.210.161)
24069 295.61 ms 4.28.83.74
240710 297.15 ms 148.72.32.7
240811 296.14 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
240912 ... 30
2410#################################################################################################################################
2411Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 12:06 EDT
2412Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
2413Host is up.
2414
2415PORT STATE SERVICE VERSION
24163306/tcp filtered mysql
2417Too many fingerprints match this host to give specific OS details
2418
2419TRACEROUTE (using proto 1/icmp)
2420HOP RTT ADDRESS
24211 131.47 ms 10.203.37.1
24222 ...
24233 132.33 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
24244 131.99 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
24255 137.63 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
24266 137.68 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
24277 139.44 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
24288 ...
24299 297.59 ms 4.28.83.74
243010 297.64 ms 148.72.32.7
243111 297.56 ms be38.trmc0215-01.ars.mgmt.phx3.gdg (184.168.0.69)
243212 ... 30
2433#################################################################################################################################
2434[+] URL: https://www.fightwhitegenocide.com/ [23.229.234.138]
2435[+] Started: Thu Mar 19 10:50:33 2020
2436
2437Interesting Finding(s):
2438
2439[+] Headers
2440 | Interesting Entries:
2441 | - server: Apache
2442 | - x-powered-by: PHP/5.6.40
2443 | Found By: Headers (Passive Detection)
2444 | Confidence: 100%
2445
2446[+] https://www.fightwhitegenocide.com/robots.txt
2447 | Interesting Entries:
2448 | - /wp-admin/
2449 | - /wp-admin/admin-ajax.php
2450 | Found By: Robots Txt (Aggressive Detection)
2451 | Confidence: 100%
2452
2453[+] XML-RPC seems to be enabled: https://www.fightwhitegenocide.com/xmlrpc.php
2454 | Found By: Direct Access (Aggressive Detection)
2455 | Confidence: 100%
2456 | References:
2457 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2458 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2459 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2460 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2461 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2462
2463[+] https://www.fightwhitegenocide.com/readme.html
2464 | Found By: Direct Access (Aggressive Detection)
2465 | Confidence: 100%
2466
2467[+] https://www.fightwhitegenocide.com/wp-content/debug.log
2468 | Found By: Direct Access (Aggressive Detection)
2469 | Confidence: 100%
2470 | Reference: https://codex.wordpress.org/Debugging_in_WordPress
2471
2472[+] https://www.fightwhitegenocide.com/wp-cron.php
2473 | Found By: Direct Access (Aggressive Detection)
2474 | Confidence: 60%
2475 | References:
2476 | - https://www.iplocation.net/defend-wordpress-from-ddos
2477 | - https://github.com/wpscanteam/wpscan/issues/1299
2478
2479[+] WordPress version 4.9.13 identified (Latest, released on 2019-12-12).
2480 | Found By: Rss Generator (Passive Detection)
2481 | - https://www.fightwhitegenocide.com/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2482 | - https://www.fightwhitegenocide.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2483 | - https://www.fightwhitegenocide.com/feed/podcast, <generator>https://wordpress.org/?v=4.9.13</generator>
2484
2485[+] WordPress theme in use: the-activism
2486 | Location: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/
2487 | Readme: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/readme.txt
2488 | Style URL: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00
2489 | Style Name: The Activism
2490 | Style URI: http://themeforest.net/user/Softwebmedia/portfolio
2491 | Description: A premium WordPress responsive theme by Soft Web Media...
2492 | Author: Soft Web Media
2493 | Author URI: http://themeforest.net/user/Softwebmedia
2494 |
2495 | Found By: Css Style In Homepage (Passive Detection)
2496 | Confirmed By: Css Style In 404 Page (Passive Detection)
2497 |
2498 | Version: 1.03 (80% confidence)
2499 | Found By: Style (Passive Detection)
2500 | - https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00, Match: 'Version: 1.03'
2501
2502[+] Enumerating All Plugins (via Passive Methods)
2503[+] Checking Plugin Versions (via Passive and Aggressive Methods)
2504
2505[i] Plugin(s) Identified:
2506
2507[+] contact-form-7
2508 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/contact-form-7/
2509 | Last Updated: 2020-03-07T10:12:00.000Z
2510 | [!] The version is out of date, the latest version is 5.1.7
2511 |
2512 | Found By: Urls In Homepage (Passive Detection)
2513 | Confirmed By: Urls In 404 Page (Passive Detection)
2514 |
2515 | Version: 5.0.4 (100% confidence)
2516 | Found By: Query Parameter (Passive Detection)
2517 | - https://www.fightwhitegenocide.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4
2518 | - https://www.fightwhitegenocide.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.4
2519 | Confirmed By:
2520 | Readme - Stable Tag (Aggressive Detection)
2521 | - https://www.fightwhitegenocide.com/wp-content/plugins/contact-form-7/readme.txt
2522 | Readme - ChangeLog Section (Aggressive Detection)
2523 | - https://www.fightwhitegenocide.com/wp-content/plugins/contact-form-7/readme.txt
2524
2525[+] js_composer
2526 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/js_composer/
2527 |
2528 | Found By: Urls In Homepage (Passive Detection)
2529 | Confirmed By:
2530 | Urls In 404 Page (Passive Detection)
2531 | Meta Generator (Passive Detection)
2532 | Body Tag (Passive Detection)
2533 |
2534 | Version: 5.2.1 (80% confidence)
2535 | Found By: Body Tag (Passive Detection)
2536 | - https://www.fightwhitegenocide.com/, Match: 'js-comp-ver-5.2.1'
2537 | Confirmed By: Query Parameter (Passive Detection)
2538 | - https://www.fightwhitegenocide.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.2.1
2539 | - https://www.fightwhitegenocide.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.2.1
2540
2541[+] mailchimp-for-woocommerce
2542 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-woocommerce/
2543 | Last Updated: 2020-03-16T15:09:00.000Z
2544 | [!] The version is out of date, the latest version is 2.3.5
2545 |
2546 | Found By: Urls In Homepage (Passive Detection)
2547 | Confirmed By: Urls In 404 Page (Passive Detection)
2548 |
2549 | Version: 2.1.17 (100% confidence)
2550 | Found By: Readme - Stable Tag (Aggressive Detection)
2551 | - https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-woocommerce/README.txt
2552 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2553 | - https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-woocommerce/README.txt
2554
2555[+] mailchimp-for-wp
2556 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-wp/
2557 | Last Updated: 2020-02-10T09:38:00.000Z
2558 | [!] The version is out of date, the latest version is 4.7.5
2559 |
2560 | Found By: Urls In Homepage (Passive Detection)
2561 | Confirmed By: Urls In 404 Page (Passive Detection)
2562 |
2563 | Version: 4.2.5 (100% confidence)
2564 | Found By: Readme - Stable Tag (Aggressive Detection)
2565 | - https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-wp/readme.txt
2566 | Confirmed By: Change Log (Aggressive Detection)
2567 | - https://www.fightwhitegenocide.com/wp-content/plugins/mailchimp-for-wp/CHANGELOG.md, Match: '#### 4.2.5 - Sep 11, 2018'
2568
2569[+] npo-sites-shortcodes
2570 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/npo-sites-shortcodes/
2571 |
2572 | Found By: Urls In Homepage (Passive Detection)
2573 | Confirmed By: Urls In 404 Page (Passive Detection)
2574 |
2575 | The version could not be determined.
2576
2577[+] post-grid
2578 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/post-grid/
2579 | Last Updated: 2020-02-06T15:02:00.000Z
2580 | [!] The version is out of date, the latest version is 2.0.44
2581 |
2582 | Found By: Urls In Homepage (Passive Detection)
2583 | Confirmed By: Urls In 404 Page (Passive Detection)
2584 |
2585 | Version: 2.0.29 (100% confidence)
2586 | Found By: Readme - Stable Tag (Aggressive Detection)
2587 | - https://www.fightwhitegenocide.com/wp-content/plugins/post-grid/readme.txt
2588 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2589 | - https://www.fightwhitegenocide.com/wp-content/plugins/post-grid/readme.txt
2590
2591[+] recent-tweets-widget
2592 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/recent-tweets-widget/
2593 | Latest Version: 1.6.8 (up to date)
2594 | Last Updated: 2020-01-09T21:55:00.000Z
2595 |
2596 | Found By: Urls In Homepage (Passive Detection)
2597 | Confirmed By: Urls In 404 Page (Passive Detection)
2598 |
2599 | Version: 1.6.8 (100% confidence)
2600 | Found By: Readme - Stable Tag (Aggressive Detection)
2601 | - https://www.fightwhitegenocide.com/wp-content/plugins/recent-tweets-widget/readme.txt
2602 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2603 | - https://www.fightwhitegenocide.com/wp-content/plugins/recent-tweets-widget/readme.txt
2604
2605[+] revslider
2606 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/revslider/
2607 |
2608 | Found By: Urls In Homepage (Passive Detection)
2609 | Confirmed By:
2610 | Urls In 404 Page (Passive Detection)
2611 | Comment (Passive Detection)
2612 | Div Data Version (Passive Detection)
2613 | Meta Generator (Passive Detection)
2614 |
2615 | Version: 5.4.5.2 (100% confidence)
2616 | Found By: Comment (Passive Detection)
2617 | - https://www.fightwhitegenocide.com/, Match: 'START REVOLUTION SLIDER 5.4.5.2'
2618 | Confirmed By: Div Data Version (Passive Detection)
2619 | - https://www.fightwhitegenocide.com/, Match: '5.4.5.2'
2620
2621[+] seriously-simple-podcasting
2622 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/seriously-simple-podcasting/
2623 | Last Updated: 2020-03-03T12:20:00.000Z
2624 | [!] The version is out of date, the latest version is 1.20.13
2625 |
2626 | Found By: Urls In Homepage (Passive Detection)
2627 | Confirmed By:
2628 | Urls In 404 Page (Passive Detection)
2629 | Meta Tag (Passive Detection)
2630 |
2631 | Version: 1.19.13 (100% confidence)
2632 | Found By: Query Parameter (Passive Detection)
2633 | - https://www.fightwhitegenocide.com/wp-content/plugins/seriously-simple-podcasting/assets/css/player.css?ver=1.19.13
2634 | Confirmed By:
2635 | Meta Tag (Passive Detection)
2636 | - https://www.fightwhitegenocide.com/, Match: 'Seriously Simple Podcasting 1.19.13'
2637 | Readme - Stable Tag (Aggressive Detection)
2638 | - https://www.fightwhitegenocide.com/wp-content/plugins/seriously-simple-podcasting/readme.txt
2639 | Readme - ChangeLog Section (Aggressive Detection)
2640 | - https://www.fightwhitegenocide.com/wp-content/plugins/seriously-simple-podcasting/readme.txt
2641
2642[+] woocommerce
2643 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/
2644 | Last Updated: 2020-03-10T16:51:00.000Z
2645 | [!] The version is out of date, the latest version is 4.0.0
2646 |
2647 | Found By: Urls In Homepage (Passive Detection)
2648 | Confirmed By:
2649 | Urls In 404 Page (Passive Detection)
2650 | Meta Generator (Passive Detection)
2651 |
2652 | Version: 3.7.0 (100% confidence)
2653 | Found By: Query Parameter (Passive Detection)
2654 | - https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.7.0
2655 | - https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.7.0
2656 | - https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.7.0
2657 | Confirmed By:
2658 | Meta Generator (Passive Detection)
2659 | - https://www.fightwhitegenocide.com/, Match: 'WooCommerce 3.7.0'
2660 | Readme - Stable Tag (Aggressive Detection)
2661 | - https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/readme.txt
2662 | Readme - ChangeLog Section (Aggressive Detection)
2663 | - https://www.fightwhitegenocide.com/wp-content/plugins/woocommerce/readme.txt
2664
2665[+] wordpress-seo
2666 | Location: https://www.fightwhitegenocide.com/wp-content/plugins/wordpress-seo/
2667 | Last Updated: 2020-03-18T12:01:00.000Z
2668 | [!] The version is out of date, the latest version is 13.3
2669 |
2670 | Found By: Comment (Passive Detection)
2671 |
2672 | Version: 9.0.2 (100% confidence)
2673 | Found By: Comment (Passive Detection)
2674 | - https://www.fightwhitegenocide.com/, Match: 'optimized with the Yoast SEO plugin v9.0.2 -'
2675 | Confirmed By:
2676 | Readme - Stable Tag (Aggressive Detection)
2677 | - https://www.fightwhitegenocide.com/wp-content/plugins/wordpress-seo/readme.txt
2678 | Readme - ChangeLog Section (Aggressive Detection)
2679 | - https://www.fightwhitegenocide.com/wp-content/plugins/wordpress-seo/readme.txt
2680
2681[+] Enumerating Config Backups (via Passive and Aggressive Methods)
2682 Checking Config Backups - Time: 00:01:32 <=============> (21 / 21) 100.00% Time: 00:01:32
2683
2684[i] No Config Backups Found.
2685
2686[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
2687[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
2688
2689[+] Finished: Thu Mar 19 10:54:15 2020
2690[+] Requests Done: 89
2691[+] Cached Requests: 8
2692[+] Data Sent: 21.696 KB
2693[+] Data Received: 643.48 MB
2694[+] Memory used: 211.84 MB
2695[+] Elapsed time: 00:03:42
2696##################################################################################################################################
2697[+] URL: https://www.fightwhitegenocide.com/ [23.229.234.138]
2698[+] Started: Thu Mar 19 10:50:42 2020
2699
2700Interesting Finding(s):
2701
2702[+] Headers
2703 | Interesting Entries:
2704 | - server: Apache
2705 | - x-powered-by: PHP/5.6.40
2706 | Found By: Headers (Passive Detection)
2707 | Confidence: 100%
2708
2709[+] https://www.fightwhitegenocide.com/robots.txt
2710 | Interesting Entries:
2711 | - /wp-admin/
2712 | - /wp-admin/admin-ajax.php
2713 | Found By: Robots Txt (Aggressive Detection)
2714 | Confidence: 100%
2715
2716[+] XML-RPC seems to be enabled: https://www.fightwhitegenocide.com/xmlrpc.php
2717 | Found By: Direct Access (Aggressive Detection)
2718 | Confidence: 100%
2719 | References:
2720 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2721 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2722 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2723 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2724 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2725
2726[+] https://www.fightwhitegenocide.com/readme.html
2727 | Found By: Direct Access (Aggressive Detection)
2728 | Confidence: 100%
2729
2730[+] https://www.fightwhitegenocide.com/wp-content/debug.log
2731 | Found By: Direct Access (Aggressive Detection)
2732 | Confidence: 100%
2733 | Reference: https://codex.wordpress.org/Debugging_in_WordPress
2734
2735[+] https://www.fightwhitegenocide.com/wp-cron.php
2736 | Found By: Direct Access (Aggressive Detection)
2737 | Confidence: 60%
2738 | References:
2739 | - https://www.iplocation.net/defend-wordpress-from-ddos
2740 | - https://github.com/wpscanteam/wpscan/issues/1299
2741
2742[+] WordPress version 4.9.13 identified (Latest, released on 2019-12-12).
2743 | Found By: Rss Generator (Passive Detection)
2744 | - https://www.fightwhitegenocide.com/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2745 | - https://www.fightwhitegenocide.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2746 | - https://www.fightwhitegenocide.com/feed/podcast, <generator>https://wordpress.org/?v=4.9.13</generator>
2747
2748[+] WordPress theme in use: the-activism
2749 | Location: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/
2750 | Readme: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/readme.txt
2751 | Style URL: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00
2752 | Style Name: The Activism
2753 | Style URI: http://themeforest.net/user/Softwebmedia/portfolio
2754 | Description: A premium WordPress responsive theme by Soft Web Media...
2755 | Author: Soft Web Media
2756 | Author URI: http://themeforest.net/user/Softwebmedia
2757 |
2758 | Found By: Css Style In Homepage (Passive Detection)
2759 | Confirmed By: Css Style In 404 Page (Passive Detection)
2760 |
2761 | Version: 1.03 (80% confidence)
2762 | Found By: Style (Passive Detection)
2763 | - https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00, Match: 'Version: 1.03'
2764
2765[+] Enumerating Users (via Passive and Aggressive Methods)
2766 Brute Forcing Author IDs - Time: 00:02:42 <==> (10 / 10) 100.00% Time: 00:02:42
2767
2768[i] User(s) Identified:
2769
2770[+] laura-fitz
2771 | Found By: Author Posts - Author Pattern (Passive Detection)
2772 | Confirmed By:
2773 | Wp Json Api (Aggressive Detection)
2774 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2775 | Yoast Seo Author Sitemap (Aggressive Detection)
2776 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2777 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2778
2779[+] Deprogrammer
2780 | Found By: Rss Generator (Passive Detection)
2781 | Confirmed By: Rss Generator (Aggressive Detection)
2782
2783[+] Laura Fitz-Gerald
2784 | Found By: Rss Generator (Passive Detection)
2785 | Confirmed By: Rss Generator (Aggressive Detection)
2786
2787[+] Wuntz Moore
2788 | Found By: Rss Generator (Passive Detection)
2789 | Confirmed By: Rss Generator (Aggressive Detection)
2790
2791[+] admin
2792 | Found By: Wp Json Api (Aggressive Detection)
2793 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2794 | Confirmed By:
2795 | Oembed API - Author URL (Aggressive Detection)
2796 | - https://www.fightwhitegenocide.com/wp-json/oembed/1.0/embed?url=https://www.fightwhitegenocide.com/&format=json
2797 | Yoast Seo Author Sitemap (Aggressive Detection)
2798 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2799 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2800 | Login Error Messages (Aggressive Detection)
2801
2802[+] zdeprogrammer
2803 | Found By: Wp Json Api (Aggressive Detection)
2804 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2805 | Confirmed By:
2806 | Yoast Seo Author Sitemap (Aggressive Detection)
2807 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2808 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2809 | Login Error Messages (Aggressive Detection)
2810
2811[+] eyeslevel
2812 | Found By: Wp Json Api (Aggressive Detection)
2813 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2814 | Confirmed By:
2815 | Yoast Seo Author Sitemap (Aggressive Detection)
2816 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2817 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2818
2819[+] fwg-activist
2820 | Found By: Wp Json Api (Aggressive Detection)
2821 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2822 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2823
2824[+] fwg_activist_submission
2825 | Found By: Wp Json Api (Aggressive Detection)
2826 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2827 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2828
2829[+] instmstr2
2830 | Found By: Wp Json Api (Aggressive Detection)
2831 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2832 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2833
2834[+] ken
2835 | Found By: Wp Json Api (Aggressive Detection)
2836 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2837 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
2838 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2839
2840[+] rbwalker
2841 | Found By: Wp Json Api (Aggressive Detection)
2842 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2843 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
2844 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2845
2846[+] seapea
2847 | Found By: Wp Json Api (Aggressive Detection)
2848 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2849 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
2850 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2851
2852[+] henryd-1
2853 | Found By: Wp Json Api (Aggressive Detection)
2854 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2855 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
2856 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2857
2858[+] zjimfalls
2859 | Found By: Wp Json Api (Aggressive Detection)
2860 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2861 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2862
2863[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
2864[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
2865
2866[+] Finished: Thu Mar 19 10:55:12 2020
2867[+] Requests Done: 53
2868[+] Cached Requests: 17
2869[+] Data Sent: 15.741 KB
2870[+] Data Received: 632.37 MB
2871[+] Memory used: 128.152 MB
2872[+] Elapsed time: 00:04:29
2873#################################################################################################################################
2874[+] URL: https://www.fightwhitegenocide.com/ [23.229.234.138]
2875[+] Started: Thu Mar 19 10:56:36 2020
2876
2877Interesting Finding(s):
2878
2879[+] Headers
2880 | Interesting Entries:
2881 | - server: Apache
2882 | - x-powered-by: PHP/5.6.40
2883 | Found By: Headers (Passive Detection)
2884 | Confidence: 100%
2885
2886[+] https://www.fightwhitegenocide.com/robots.txt
2887 | Interesting Entries:
2888 | - /wp-admin/
2889 | - /wp-admin/admin-ajax.php
2890 | Found By: Robots Txt (Aggressive Detection)
2891 | Confidence: 100%
2892
2893[+] XML-RPC seems to be enabled: https://www.fightwhitegenocide.com/xmlrpc.php
2894 | Found By: Direct Access (Aggressive Detection)
2895 | Confidence: 100%
2896 | References:
2897 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2898 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2899 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2900 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2901 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2902
2903[+] https://www.fightwhitegenocide.com/readme.html
2904 | Found By: Direct Access (Aggressive Detection)
2905 | Confidence: 100%
2906
2907[+] https://www.fightwhitegenocide.com/wp-content/debug.log
2908 | Found By: Direct Access (Aggressive Detection)
2909 | Confidence: 100%
2910 | Reference: https://codex.wordpress.org/Debugging_in_WordPress
2911
2912[+] https://www.fightwhitegenocide.com/wp-cron.php
2913 | Found By: Direct Access (Aggressive Detection)
2914 | Confidence: 60%
2915 | References:
2916 | - https://www.iplocation.net/defend-wordpress-from-ddos
2917 | - https://github.com/wpscanteam/wpscan/issues/1299
2918
2919[+] WordPress version 4.9.13 identified (Latest, released on 2019-12-12).
2920 | Found By: Rss Generator (Passive Detection)
2921 | - https://www.fightwhitegenocide.com/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2922 | - https://www.fightwhitegenocide.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.13</generator>
2923 | - https://www.fightwhitegenocide.com/feed/podcast, <generator>https://wordpress.org/?v=4.9.13</generator>
2924
2925[+] WordPress theme in use: the-activism
2926 | Location: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/
2927 | Readme: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/readme.txt
2928 | Style URL: https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00
2929 | Style Name: The Activism
2930 | Style URI: http://themeforest.net/user/Softwebmedia/portfolio
2931 | Description: A premium WordPress responsive theme by Soft Web Media...
2932 | Author: Soft Web Media
2933 | Author URI: http://themeforest.net/user/Softwebmedia
2934 |
2935 | Found By: Css Style In Homepage (Passive Detection)
2936 | Confirmed By: Css Style In 404 Page (Passive Detection)
2937 |
2938 | Version: 1.03 (80% confidence)
2939 | Found By: Style (Passive Detection)
2940 | - https://www.fightwhitegenocide.com/wp-content/themes/the-activism/style.css?ver=1.00, Match: 'Version: 1.03'
2941
2942[+] Enumerating Users (via Passive and Aggressive Methods)
2943 Brute Forcing Author IDs - Time: 00:00:19 <============> (10 / 10) 100.00% Time: 00:00:19
2944
2945[i] User(s) Identified:
2946
2947[+] laura-fitz
2948 | Found By: Author Posts - Author Pattern (Passive Detection)
2949 | Confirmed By:
2950 | Wp Json Api (Aggressive Detection)
2951 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2952 | Yoast Seo Author Sitemap (Aggressive Detection)
2953 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2954 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2955
2956[+] Deprogrammer
2957 | Found By: Rss Generator (Passive Detection)
2958 | Confirmed By: Rss Generator (Aggressive Detection)
2959
2960[+] Laura Fitz-Gerald
2961 | Found By: Rss Generator (Passive Detection)
2962 | Confirmed By: Rss Generator (Aggressive Detection)
2963
2964[+] Wuntz Moore
2965 | Found By: Rss Generator (Passive Detection)
2966 | Confirmed By: Rss Generator (Aggressive Detection)
2967
2968[+] admin
2969 | Found By: Wp Json Api (Aggressive Detection)
2970 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2971 | Confirmed By:
2972 | Oembed API - Author URL (Aggressive Detection)
2973 | - https://www.fightwhitegenocide.com/wp-json/oembed/1.0/embed?url=https://www.fightwhitegenocide.com/&format=json
2974 | Yoast Seo Author Sitemap (Aggressive Detection)
2975 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2976 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2977
2978[+] zdeprogrammer
2979 | Found By: Wp Json Api (Aggressive Detection)
2980 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2981 | Confirmed By:
2982 | Yoast Seo Author Sitemap (Aggressive Detection)
2983 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2984 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2985
2986[+] eyeslevel
2987 | Found By: Wp Json Api (Aggressive Detection)
2988 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2989 | Confirmed By:
2990 | Yoast Seo Author Sitemap (Aggressive Detection)
2991 | - https://www.fightwhitegenocide.com/author-sitemap.xml
2992 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2993
2994[+] fwg-activist
2995 | Found By: Wp Json Api (Aggressive Detection)
2996 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
2997 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
2998
2999[+] fwg_activist_submission
3000 | Found By: Wp Json Api (Aggressive Detection)
3001 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3002 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
3003
3004[+] instmstr2
3005 | Found By: Wp Json Api (Aggressive Detection)
3006 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3007 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
3008
3009[+] ken
3010 | Found By: Wp Json Api (Aggressive Detection)
3011 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3012 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
3013 | - https://www.fightwhitegenocide.com/author-sitemap.xml
3014
3015[+] rbwalker
3016 | Found By: Wp Json Api (Aggressive Detection)
3017 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3018 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
3019 | - https://www.fightwhitegenocide.com/author-sitemap.xml
3020
3021[+] seapea
3022 | Found By: Wp Json Api (Aggressive Detection)
3023 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3024 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
3025 | - https://www.fightwhitegenocide.com/author-sitemap.xml
3026
3027[+] henryd-1
3028 | Found By: Wp Json Api (Aggressive Detection)
3029 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3030 | Confirmed By:
3031 | Yoast Seo Author Sitemap (Aggressive Detection)
3032 | - https://www.fightwhitegenocide.com/author-sitemap.xml
3033 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
3034
3035[+] zjimfalls
3036 | Found By: Wp Json Api (Aggressive Detection)
3037 | - https://www.fightwhitegenocide.com/wp-json/wp/v2/users/?per_page=100&page=1
3038 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
3039
3040[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
3041[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
3042
3043[+] Finished: Thu Mar 19 10:57:11 2020
3044[+] Requests Done: 17
3045[+] Cached Requests: 50
3046[+] Data Sent: 4.859 KB
3047[+] Data Received: 247.157 KB
3048[+] Memory used: 132.496 MB
3049[+] Elapsed time: 00:00:34
3050################################################################################################################################
3051[INFO] ------TARGET info------
3052[*] TARGET: https://www.fightwhitegenocide.com/
3053[*] TARGET IP: 23.229.234.138
3054[INFO] NO load balancer detected for www.fightwhitegenocide.com...
3055[*] DNS servers: fightwhitegenocide.com.
3056[*] TARGET server: Apache
3057[*] CC: US
3058[*] Country: United States
3059[*] RegionCode: AZ
3060[*] RegionName: Arizona
3061[*] City: Scottsdale
3062[*] ASN: AS26496
3063[*] BGP_PREFIX: 23.229.128.0/17
3064[*] ISP: AS-26496-GO-DADDY-COM-LLC, US
3065[INFO] SSL/HTTPS certificate detected
3066[*] Issuer: issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
3067[*] Subject: subject=OU = Domain Control Validated, CN = fightwhitegenocide.com
3068[INFO] DNS enumeration:
3069[*] admin.fightwhitegenocide.com 23.229.234.138
3070[*] mail.fightwhitegenocide.com fightwhitegenocide.com. 23.229.234.138
3071[*] webmail.fightwhitegenocide.com fightwhitegenocide.com. 23.229.234.138
3072[INFO] Possible abuse mails are:
3073[*] abuse@fightwhitegenocide.com
3074[*] abuse@www.fightwhitegenocide.com
3075[*] fbl-spamcop@ext.godaddy.com
3076[INFO] NO PAC (Proxy Auto Configuration) file FOUND
3077[ALERT] robots.txt file FOUND in http://www.fightwhitegenocide.com/robots.txt
3078[INFO] Checking for HTTP status codes recursively from http://www.fightwhitegenocide.com/robots.txt
3079[INFO] Status code Folders
3080[*] 302 http://www.fightwhitegenocide.com/wp-admin/
3081[INFO] Starting FUZZing in http://www.fightwhitegenocide.com/FUzZzZzZzZz...
3082[INFO] Status code Folders
3083[*] 301 http://www.fightwhitegenocide.com/news
3084[*] 301 http://www.fightwhitegenocide.com/full
3085[INFO] NO passwords found in source code
3086[INFO] SAME content in http://www.fightwhitegenocide.com/ AND http://23.229.234.138/
3087
3088Recherche www.fightwhitegenocide.com
3089Connexion HTTPS à www.fightwhitegenocide.com
3090Connection vérifiée à www.fightwhitegenocide.com (sujet=www.fightwhitegenocide.com)
3091Certificat émis par: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com\, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
3092Connection HTTP sécurisée 256-bit TLS1.2 (ECDHE_RSA_AES_256_GCM_SHA384)
3093Envoi de la requête HTTP.
3094Requête HTTP envoyée. Attente de réponse.
3095Alerte ! : Erreur de lecture inattendue ; connexion interrompue.
3096Accès impossible `https://www.fightwhitegenocide.com/'
3097Alerte ! : Impossible d’accéder au document.
3098
3099lynx : accès impossible au fichier de départ
3100[INFO] Links found from https://www.fightwhitegenocide.com/:
3101cut: intervalle de champ incorrecte
3102Saisissez « cut --help » pour plus d'informations.
3103[INFO] Shodan detected the following opened ports on 23.229.234.138:
3124[INFO] ------VirusTotal SECTION------
3125[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
3126[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
3127[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
3128[INFO] ------Alexa Rank SECTION------
3129[INFO] Percent of Visitors Rank in Country:
3130[INFO] Percent of Search Traffic:
3131[INFO] Percent of Unique Visits:
3132[INFO] Total Sites Linking In:
3133[*] Total Sites
3134[INFO] Useful links related to www.fightwhitegenocide.com - 23.229.234.138:
3135[*] https://www.virustotal.com/pt/ip-address/23.229.234.138/information/
3136[*] https://www.hybrid-analysis.com/search?host=23.229.234.138
3137[*] https://www.shodan.io/host/23.229.234.138
3138[*] https://www.senderbase.org/lookup/?search_string=23.229.234.138
3139[*] https://www.alienvault.com/open-threat-exchange/ip/23.229.234.138
3140[*] http://pastebin.com/search?q=23.229.234.138
3141[*] http://urlquery.net/search.php?q=23.229.234.138
3142[*] http://www.alexa.com/siteinfo/www.fightwhitegenocide.com
3143[*] http://www.google.com/safebrowsing/diagnostic?site=www.fightwhitegenocide.com
3144[*] https://censys.io/ipv4/23.229.234.138
3145[*] https://www.abuseipdb.com/check/23.229.234.138
3146[*] https://urlscan.io/search/#23.229.234.138
3147[*] https://github.com/search?q=23.229.234.138&type=Code
3148[INFO] Useful links related to AS26496 - 23.229.128.0/17:
3149[*] http://www.google.com/safebrowsing/diagnostic?site=AS:26496
3150[*] https://www.senderbase.org/lookup/?search_string=23.229.128.0/17
3151[*] http://bgp.he.net/AS26496
3152[*] https://stat.ripe.net/AS26496
3153[INFO] Date: 19/03/20 | Time: 10:58:17
3154[INFO] Total time: 1 minute(s) and 56 second(s)
3155################################################################################################################################
3156Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:04 EDT
3157Nmap scan report for ip-23-229-234-138.ip.secureserver.net (23.229.234.138)
3158Host is up (0.30s latency).
3159Not shown: 975 filtered ports
3160PORT STATE SERVICE VERSION
316121/tcp open ftp Pure-FTPd
3162| vulscan: VulDB - https://vuldb.com:
3163| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
3164| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
3165| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
3166|
3167| MITRE CVE - https://cve.mitre.org:
3168| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
3169|
3170| SecurityFocus - https://www.securityfocus.com/bid/:
3171| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
3172|
3173| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3174| No findings
3175|
3176| Exploit-DB - https://www.exploit-db.com:
3177| No findings
3178|
3179| OpenVAS (Nessus) - http://www.openvas.org:
3180| No findings
3181|
3182| SecurityTracker - https://www.securitytracker.com:
3183| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
3184| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
3185| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
3186| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
3187|
3188| OSVDB - http://www.osvdb.org:
3189| No findings
3190|_
319122/tcp open ssh OpenSSH 5.3 (protocol 2.0)
3192| vulscan: VulDB - https://vuldb.com:
3193| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
3194| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
3195| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
3196| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
3197|
3198| MITRE CVE - https://cve.mitre.org:
3199| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
3200| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
3201| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
3202| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
3203| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
3204| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
3205| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
3206| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
3207| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
3208|
3209| SecurityFocus - https://www.securityfocus.com/bid/:
3210| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
3211| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
3212| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
3213| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
3214| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
3215| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
3216| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
3217| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
3218| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
3219| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
3220| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
3221| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
3222| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
3223| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
3224| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
3225| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
3226| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
3227| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
3228| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
3229| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
3230| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
3231| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
3232| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
3233| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
3234| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
3235| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
3236| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
3237| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
3238| [75990] OpenSSH Login Handling Security Bypass Weakness
3239| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
3240| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
3241| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
3242| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
3243| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
3244| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
3245| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
3246| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
3247| [61286] OpenSSH Remote Denial of Service Vulnerability
3248| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
3249| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
3250| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
3251| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
3252| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
3253| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3254| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
3255| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
3256| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3257| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
3258| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
3259| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
3260| [30794] Red Hat OpenSSH Backdoor Vulnerability
3261| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
3262| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
3263| [28531] OpenSSH ForceCommand Command Execution Weakness
3264| [28444] OpenSSH X Connections Session Hijacking Vulnerability
3265| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
3266| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
3267| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
3268| [20956] OpenSSH Privilege Separation Key Signature Weakness
3269| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
3270| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
3271| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
3272| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
3273| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
3274| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
3275| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
3276| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
3277| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
3278| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
3279| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
3280| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
3281| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
3282| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
3283| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
3284| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
3285| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
3286| [6168] OpenSSH Visible Password Vulnerability
3287| [5374] OpenSSH Trojan Horse Vulnerability
3288| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
3289| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3290| [4241] OpenSSH Channel Code Off-By-One Vulnerability
3291| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
3292| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
3293| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
3294| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
3295| [2917] OpenSSH PAM Session Evasion Vulnerability
3296| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
3297| [2356] OpenSSH Private Key Authentication Check Vulnerability
3298| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
3299| [1334] OpenSSH UseLogin Vulnerability
3300|
3301| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3302| [83258] GSI-OpenSSH auth-pam.c security bypass
3303| [82781] OpenSSH time limit denial of service
3304| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
3305| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
3306| [72756] Debian openssh-server commands information disclosure
3307| [68339] OpenSSH pam_thread buffer overflow
3308| [67264] OpenSSH ssh-keysign unauthorized access
3309| [65910] OpenSSH remote_glob function denial of service
3310| [65163] OpenSSH certificate information disclosure
3311| [64387] OpenSSH J-PAKE security bypass
3312| [63337] Cisco Unified Videoconferencing OpenSSH weak security
3313| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
3314| [45202] OpenSSH signal handler denial of service
3315| [44747] RHEL OpenSSH backdoor
3316| [44280] OpenSSH PermitRootLogin information disclosure
3317| [44279] OpenSSH sshd weak security
3318| [44037] OpenSSH sshd SELinux role unauthorized access
3319| [43940] OpenSSH X11 forwarding information disclosure
3320| [41549] OpenSSH ForceCommand directive security bypass
3321| [41438] OpenSSH sshd session hijacking
3322| [40897] OpenSSH known_hosts weak security
3323| [40587] OpenSSH username weak security
3324| [37371] OpenSSH username data manipulation
3325| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
3326| [37112] RHSA update for OpenSSH signal handler race condition not installed
3327| [37107] RHSA update for OpenSSH identical block denial of service not installed
3328| [36637] OpenSSH X11 cookie privilege escalation
3329| [35167] OpenSSH packet.c newkeys[mode] denial of service
3330| [34490] OpenSSH OPIE information disclosure
3331| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
3332| [32975] Apple Mac OS X OpenSSH denial of service
3333| [32387] RHSA-2006:0738 updates for openssh not installed
3334| [32359] RHSA-2006:0697 updates for openssh not installed
3335| [32230] RHSA-2006:0298 updates for openssh not installed
3336| [32132] RHSA-2006:0044 updates for openssh not installed
3337| [30120] OpenSSH privilege separation monitor authentication verification weakness
3338| [29255] OpenSSH GSSAPI user enumeration
3339| [29254] OpenSSH signal handler race condition
3340| [29158] OpenSSH identical block denial of service
3341| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
3342| [25116] OpenSSH OpenPAM denial of service
3343| [24305] OpenSSH SCP shell expansion command execution
3344| [22665] RHSA-2005:106 updates for openssh not installed
3345| [22117] OpenSSH GSSAPI allows elevated privileges
3346| [22115] OpenSSH GatewayPorts security bypass
3347| [20930] OpenSSH sshd.c LoginGraceTime denial of service
3348| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
3349| [17213] OpenSSH allows port bouncing attacks
3350| [16323] OpenSSH scp file overwrite
3351| [13797] OpenSSH PAM information leak
3352| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
3353| [13264] OpenSSH PAM code could allow an attacker to gain access
3354| [13215] OpenSSH buffer management errors could allow an attacker to execute code
3355| [13214] OpenSSH memory vulnerabilities
3356| [13191] OpenSSH large packet buffer overflow
3357| [12196] OpenSSH could allow an attacker to bypass login restrictions
3358| [11970] OpenSSH could allow an attacker to obtain valid administrative account
3359| [11902] OpenSSH PAM support enabled information leak
3360| [9803] OpenSSH "
3361| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
3362| [9307] OpenSSH is running on the system
3363| [9169] OpenSSH "
3364| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
3365| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
3366| [8383] OpenSSH off-by-one error in channel code
3367| [7647] OpenSSH UseLogin option arbitrary code execution
3368| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
3369| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
3370| [7179] OpenSSH source IP access control bypass
3371| [6757] OpenSSH "
3372| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
3373| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
3374| [5517] OpenSSH allows unauthorized access to resources
3375| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
3376|
3377| Exploit-DB - https://www.exploit-db.com:
3378| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
3379| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
3380| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3381| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
3382| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
3383| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
3384| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
3385| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
3386| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
3387| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
3388| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
3389| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
3390| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
3391| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
3392|
3393| OpenVAS (Nessus) - http://www.openvas.org:
3394| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
3395| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
3396| [881183] CentOS Update for openssh CESA-2012:0884 centos6
3397| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
3398| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
3399| [870763] RedHat Update for openssh RHSA-2012:0884-04
3400| [870129] RedHat Update for openssh RHSA-2008:0855-01
3401| [861813] Fedora Update for openssh FEDORA-2010-5429
3402| [861319] Fedora Update for openssh FEDORA-2007-395
3403| [861170] Fedora Update for openssh FEDORA-2007-394
3404| [861012] Fedora Update for openssh FEDORA-2007-715
3405| [840345] Ubuntu Update for openssh vulnerability USN-597-1
3406| [840300] Ubuntu Update for openssh update USN-612-5
3407| [840271] Ubuntu Update for openssh vulnerability USN-612-2
3408| [840268] Ubuntu Update for openssh update USN-612-7
3409| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
3410| [840214] Ubuntu Update for openssh vulnerability USN-566-1
3411| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
3412| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
3413| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
3414| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
3415| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
3416| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
3417| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
3418| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
3419| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
3420| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3421| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3422| [100584] OpenSSH X Connections Session Hijacking Vulnerability
3423| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
3424| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
3425| [65987] SLES10: Security update for OpenSSH
3426| [65819] SLES10: Security update for OpenSSH
3427| [65514] SLES9: Security update for OpenSSH
3428| [65513] SLES9: Security update for OpenSSH
3429| [65334] SLES9: Security update for OpenSSH
3430| [65248] SLES9: Security update for OpenSSH
3431| [65218] SLES9: Security update for OpenSSH
3432| [65169] SLES9: Security update for openssh,openssh-askpass
3433| [65126] SLES9: Security update for OpenSSH
3434| [65019] SLES9: Security update for OpenSSH
3435| [65015] SLES9: Security update for OpenSSH
3436| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
3437| [61639] Debian Security Advisory DSA 1638-1 (openssh)
3438| [61030] Debian Security Advisory DSA 1576-2 (openssh)
3439| [61029] Debian Security Advisory DSA 1576-1 (openssh)
3440| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
3441| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
3442| [60667] Slackware Advisory SSA:2008-095-01 openssh
3443| [59014] Slackware Advisory SSA:2007-255-01 openssh
3444| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
3445| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
3446| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
3447| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
3448| [57492] Slackware Advisory SSA:2006-272-02 openssh
3449| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
3450| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
3451| [57470] FreeBSD Ports: openssh
3452| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
3453| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
3454| [56294] Slackware Advisory SSA:2006-045-06 openssh
3455| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
3456| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
3457| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
3458| [53788] Debian Security Advisory DSA 025-1 (openssh)
3459| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
3460| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
3461| [11343] OpenSSH Client Unauthorized Remote Forwarding
3462| [10954] OpenSSH AFS/Kerberos ticket/token passing
3463| [10883] OpenSSH Channel Code Off by 1
3464| [10823] OpenSSH UseLogin Environment Variables
3465|
3466| SecurityTracker - https://www.securitytracker.com:
3467| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
3468| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
3469| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
3470| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
3471| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
3472| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
3473| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
3474| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
3475| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
3476| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
3477| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
3478| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
3479| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
3480| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
3481| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
3482| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
3483| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
3484| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
3485| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
3486| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
3487| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
3488| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
3489| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
3490| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
3491| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
3492| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
3493| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
3494| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
3495| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
3496| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
3497| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
3498| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
3499| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
3500| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
3501| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
3502| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
3503| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
3504| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
3505|
3506| OSVDB - http://www.osvdb.org:
3507| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
3508| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
3509| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
3510| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
3511| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
3512| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
3513| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
3514| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
3515| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
3516| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
3517| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
3518| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
3519| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
3520| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
3521| [56921] OpenSSH Unspecified Remote Compromise
3522| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
3523| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
3524| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
3525| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
3526| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
3527| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
3528| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
3529| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
3530| [43745] OpenSSH X11 Forwarding Local Session Hijacking
3531| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
3532| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
3533| [37315] pam_usb OpenSSH Authentication Unspecified Issue
3534| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
3535| [34601] OPIE w/ OpenSSH Account Enumeration
3536| [34600] OpenSSH S/KEY Authentication Account Enumeration
3537| [32721] OpenSSH Username Password Complexity Account Enumeration
3538| [30232] OpenSSH Privilege Separation Monitor Weakness
3539| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
3540| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
3541| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
3542| [29152] OpenSSH Identical Block Packet DoS
3543| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
3544| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
3545| [22692] OpenSSH scp Command Line Filename Processing Command Injection
3546| [20216] OpenSSH with KerberosV Remote Authentication Bypass
3547| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
3548| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
3549| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
3550| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
3551| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
3552| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
3553| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
3554| [6601] OpenSSH *realloc() Unspecified Memory Errors
3555| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
3556| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
3557| [6072] OpenSSH PAM Conversation Function Stack Modification
3558| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
3559| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
3560| [5408] OpenSSH echo simulation Information Disclosure
3561| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
3562| [4536] OpenSSH Portable AIX linker Privilege Escalation
3563| [3938] OpenSSL and OpenSSH /dev/random Check Failure
3564| [3456] OpenSSH buffer_append_space() Heap Corruption
3565| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
3566| [2140] OpenSSH w/ PAM Username Validity Timing Attack
3567| [2112] OpenSSH Reverse DNS Lookup Bypass
3568| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
3569| [1853] OpenSSH Symbolic Link 'cookies' File Removal
3570| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
3571| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
3572| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
3573| [688] OpenSSH UseLogin Environment Variable Local Command Execution
3574| [642] OpenSSH Multiple Key Type ACL Bypass
3575| [504] OpenSSH SSHv2 Public Key Authentication Bypass
3576| [341] OpenSSH UseLogin Local Privilege Escalation
3577|_
3578 25/tcp open smtp?
3579 26/tcp closed rsftp
3580 80/tcp open http Apache httpd (PHP 5.6.40)
3581| vulscan: VulDB - https://vuldb.com:
3582| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3583| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3584| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3585| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3586| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3587| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3588| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3589| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3590| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3591| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3592| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3593| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3594| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3595| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3596| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3597| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3598| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3599| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3600| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3601| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3602| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3603| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3604| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3605| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3606| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3607| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3608| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3609| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3610| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3611| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4017| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
4368| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
4369| [82076] Apache Ranger up to 0.5.1 privilege escalation
4370| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
4371| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
4372| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
4373| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
4374| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
4375| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
4376| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
4377| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
4378| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
4379| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
4380| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
4381| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
4382| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4383| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
4384| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
4385| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
4386| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
4387| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
4388| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
4389| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
4390| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
4391| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
4392| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
4393| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
4394| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
4395| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
4396| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
4397| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
4398| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
4399| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
4400| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
4401| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
4402| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
4403| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
4404| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
4405| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
4406| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
4407| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
4408| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
4409| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
4410| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
4411| [79791] Cisco Products Apache Commons Collections Library privilege escalation
4412| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4413| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
4414| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
4415| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
4416| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
4417| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
4418| [78989] Apache Ambari up to 2.1.1 Open Redirect
4419| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
4420| [78987] Apache Ambari up to 2.0.x cross site scripting
4421| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
4422| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4423| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
4424| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4425| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4426| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4427| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4428| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
4429| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
4430| [77406] Apache Flex BlazeDS AMF Message XML External Entity
4431| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
4432| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
4433| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
4434| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
4435| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
4436| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
4437| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
4438| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
4439| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
4440| [76567] Apache Struts 2.3.20 unknown vulnerability
4441| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
4442| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
4443| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
4444| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
4445| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
4446| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
4447| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
4448| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
4449| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
4450| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
4451| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
4452| [74793] Apache Tomcat File Upload denial of service
4453| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
4454| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
4455| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
4456| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
4457| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
4458| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
4459| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
4460| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
4461| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
4462| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
4463| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
4464| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
4465| [74468] Apache Batik up to 1.6 denial of service
4466| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
4467| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
4468| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
4469| [74174] Apache WSS4J up to 2.0.0 privilege escalation
4470| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
4471| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
4472| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
4473| [73731] Apache XML Security unknown vulnerability
4474| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
4475| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
4476| [73593] Apache Traffic Server up to 5.1.0 denial of service
4477| [73511] Apache POI up to 3.10 Deadlock denial of service
4478| [73510] Apache Solr up to 4.3.0 cross site scripting
4479| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
4480| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
4481| [73173] Apache CloudStack Stack-Based unknown vulnerability
4482| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
4483| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
4484| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
4485| [72890] Apache Qpid 0.30 unknown vulnerability
4486| [72887] Apache Hive 0.13.0 File Permission privilege escalation
4487| [72878] Apache Cordova 3.5.0 cross site request forgery
4488| [72877] Apache Cordova 3.5.0 cross site request forgery
4489| [72876] Apache Cordova 3.5.0 cross site request forgery
4490| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
4491| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
4492| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
4493| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
4494| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4495| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
4496| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
4497| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
4498| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
4499| [71629] Apache Axis2/C spoofing
4500| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
4501| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
4502| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
4503| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
4504| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
4505| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
4506| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
4507| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
4508| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
4509| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
4510| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
4511| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
4512| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
4513| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
4514| [70809] Apache POI up to 3.11 Crash denial of service
4515| [70808] Apache POI up to 3.10 unknown vulnerability
4516| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
4517| [70749] Apache Axis up to 1.4 getCN spoofing
4518| [70701] Apache Traffic Server up to 3.3.5 denial of service
4519| [70700] Apache OFBiz up to 12.04.03 cross site scripting
4520| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
4521| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
4522| [70661] Apache Subversion up to 1.6.17 denial of service
4523| [70660] Apache Subversion up to 1.6.17 spoofing
4524| [70659] Apache Subversion up to 1.6.17 spoofing
4525| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
4526| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
4527| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
4528| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
4529| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
4530| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
4531| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
4532| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
4533| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
4534| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
4535| [69846] Apache HBase up to 0.94.8 information disclosure
4536| [69783] Apache CouchDB up to 1.2.0 memory corruption
4537| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
4538| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
4539| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
4540| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
4541| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
4542| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
4543| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
4544| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
4545| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
4546| [69431] Apache Archiva up to 1.3.6 cross site scripting
4547| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
4548| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
4549| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
4550| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
4551| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
4552| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
4553| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
4554| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
4555| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
4556| [66739] Apache Camel up to 2.12.2 unknown vulnerability
4557| [66738] Apache Camel up to 2.12.2 unknown vulnerability
4558| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
4559| [66695] Apache CouchDB up to 1.2.0 cross site scripting
4560| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
4561| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
4562| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
4563| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
4564| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
4565| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
4566| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
4567| [66356] Apache Wicket up to 6.8.0 information disclosure
4568| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
4569| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
4570| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4571| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
4572| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
4573| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4574| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
4575| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
4576| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
4577| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
4578| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
4579| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
4580| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
4581| [65668] Apache Solr 4.0.0 Updater denial of service
4582| [65665] Apache Solr up to 4.3.0 denial of service
4583| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
4584| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
4585| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
4586| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
4587| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
4588| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
4589| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
4590| [65410] Apache Struts 2.3.15.3 cross site scripting
4591| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
4592| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
4593| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
4594| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
4595| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
4596| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
4597| [65340] Apache Shindig 2.5.0 information disclosure
4598| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
4599| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
4600| [10826] Apache Struts 2 File privilege escalation
4601| [65204] Apache Camel up to 2.10.1 unknown vulnerability
4602| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
4603| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
4604| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
4605| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
4606| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
4607| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
4608| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
4609| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
4610| [64722] Apache XML Security for C++ Heap-based memory corruption
4611| [64719] Apache XML Security for C++ Heap-based memory corruption
4612| [64718] Apache XML Security for C++ verify denial of service
4613| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
4614| [64716] Apache XML Security for C++ spoofing
4615| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
4616| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
4617| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
4618| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
4619| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
4620| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
4621| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
4622| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
4623| [64485] Apache Struts up to 2.2.3.0 privilege escalation
4624| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
4625| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
4626| [64467] Apache Geronimo 3.0 memory corruption
4627| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
4628| [64457] Apache Struts up to 2.2.3.0 cross site scripting
4629| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
4630| [9184] Apache Qpid up to 0.20 SSL misconfiguration
4631| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
4632| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
4633| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
4634| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
4635| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
4636| [8873] Apache Struts 2.3.14 privilege escalation
4637| [8872] Apache Struts 2.3.14 privilege escalation
4638| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
4639| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
4640| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
4641| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
4642| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
4643| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4644| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4645| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
4646| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
4647| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
4648| [64006] Apache ActiveMQ up to 5.7.0 denial of service
4649| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
4650| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
4651| [8427] Apache Tomcat Session Transaction weak authentication
4652| [63960] Apache Maven 3.0.4 Default Configuration spoofing
4653| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
4654| [63750] Apache qpid up to 0.20 checkAvailable denial of service
4655| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
4656| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
4657| [63747] Apache Rave up to 0.20 User Account information disclosure
4658| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
4659| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
4660| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
4661| [7687] Apache CXF up to 2.7.2 Token weak authentication
4662| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4663| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4664| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
4665| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
4666| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
4667| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
4668| [63090] Apache Tomcat up to 4.1.24 denial of service
4669| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
4670| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
4671| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
4672| [62833] Apache CXF -/2.6.0 spoofing
4673| [62832] Apache Axis2 up to 1.6.2 spoofing
4674| [62831] Apache Axis up to 1.4 Java Message Service spoofing
4675| [62830] Apache Commons-httpclient 3.0 Payments spoofing
4676| [62826] Apache Libcloud up to 0.11.0 spoofing
4677| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
4678| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
4679| [62661] Apache Axis2 unknown vulnerability
4680| [62658] Apache Axis2 unknown vulnerability
4681| [62467] Apache Qpid up to 0.17 denial of service
4682| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
4683| [6301] Apache HTTP Server mod_pagespeed cross site scripting
4684| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
4685| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
4686| [62035] Apache Struts up to 2.3.4 denial of service
4687| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
4688| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
4689| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
4690| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
4691| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
4692| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
4693| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
4694| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
4695| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
4696| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
4697| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
4698| [61229] Apache Sling up to 2.1.1 denial of service
4699| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
4700| [61094] Apache Roller up to 5.0 cross site scripting
4701| [61093] Apache Roller up to 5.0 cross site request forgery
4702| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
4703| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
4704| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
4705| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
4706| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
4707| [60708] Apache Qpid 0.12 unknown vulnerability
4708| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
4709| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
4710| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4711| [4882] Apache Wicket up to 1.5.4 directory traversal
4712| [4881] Apache Wicket up to 1.4.19 cross site scripting
4713| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
4714| [60352] Apache Struts up to 2.2.3 memory corruption
4715| [60153] Apache Portable Runtime up to 1.4.3 denial of service
4716| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
4717| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
4718| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
4719| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
4720| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
4721| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
4722| [4571] Apache Struts up to 2.3.1.2 privilege escalation
4723| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
4724| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
4725| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
4726| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
4727| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
4728| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
4729| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4730| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
4731| [59888] Apache Tomcat up to 6.0.6 denial of service
4732| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
4733| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
4734| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
4735| [59850] Apache Geronimo up to 2.2.1 denial of service
4736| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
4737| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
4738| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
4739| [58413] Apache Tomcat up to 6.0.10 spoofing
4740| [58381] Apache Wicket up to 1.4.17 cross site scripting
4741| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
4742| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
4743| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
4744| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
4745| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4746| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
4747| [57568] Apache Archiva up to 1.3.4 cross site scripting
4748| [57567] Apache Archiva up to 1.3.4 cross site request forgery
4749| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
4750| [4355] Apache HTTP Server APR apr_fnmatch denial of service
4751| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
4752| [57425] Apache Struts up to 2.2.1.1 cross site scripting
4753| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
4754| [57025] Apache Tomcat up to 7.0.11 information disclosure
4755| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
4756| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
4757| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4758| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
4759| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
4760| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
4761| [56512] Apache Continuum up to 1.4.0 cross site scripting
4762| [4285] Apache Tomcat 5.x JVM getLocale denial of service
4763| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
4764| [4283] Apache Tomcat 5.x ServletContect privilege escalation
4765| [56441] Apache Tomcat up to 7.0.6 denial of service
4766| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
4767| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
4768| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
4769| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
4770| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
4771| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
4772| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
4773| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
4774| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
4775| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
4776| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4777| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
4778| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
4779| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
4780| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
4781| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
4782| [54012] Apache Tomcat up to 6.0.10 denial of service
4783| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
4784| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
4785| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4786| [52894] Apache Tomcat up to 6.0.7 information disclosure
4787| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
4788| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
4789| [52786] Apache Open For Business Project up to 09.04 cross site scripting
4790| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
4791| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
4792| [52584] Apache CouchDB up to 0.10.1 information disclosure
4793| [51757] Apache HTTP Server 2.0.44 cross site scripting
4794| [51756] Apache HTTP Server 2.0.44 spoofing
4795| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
4796| [51690] Apache Tomcat up to 6.0 directory traversal
4797| [51689] Apache Tomcat up to 6.0 information disclosure
4798| [51688] Apache Tomcat up to 6.0 directory traversal
4799| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
4800| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
4801| [50626] Apache Solr 1.0.0 cross site scripting
4802| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
4803| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
4804| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
4805| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
4806| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
4807| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
4808| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
4809| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
4810| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
4811| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
4812| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
4813| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
4814| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
4815| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
4816| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
4817| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
4818| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
4819| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
4820| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
4821| [47214] Apachefriends xampp 1.6.8 spoofing
4822| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
4823| [47162] Apachefriends XAMPP 1.4.4 weak authentication
4824| [47065] Apache Tomcat 4.1.23 cross site scripting
4825| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4826| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4827| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4828| [86625] Apache Struts directory traversal
4829| [44461] Apache Tomcat up to 5.5.0 information disclosure
4830| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4831| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4832| [43663] Apache Tomcat up to 6.0.16 directory traversal
4833| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4834| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4835| [43516] Apache Tomcat up to 4.1.20 directory traversal
4836| [43509] Apache Tomcat up to 6.0.13 cross site scripting
4837| [42637] Apache Tomcat up to 6.0.16 cross site scripting
4838| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
4839| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
4840| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
4841| [40924] Apache Tomcat up to 6.0.15 information disclosure
4842| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
4843| [40922] Apache Tomcat up to 6.0 information disclosure
4844| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
4845| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
4846| [40656] Apache Tomcat 5.5.20 information disclosure
4847| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
4848| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
4849| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
4850| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
4851| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
4852| [40234] Apache Tomcat up to 6.0.15 directory traversal
4853| [40221] Apache HTTP Server 2.2.6 information disclosure
4854| [40027] David Castro Apache Authcas 0.4 sql injection
4855| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
4856| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
4857| [3414] Apache Tomcat WebDAV Stored privilege escalation
4858| [39489] Apache Jakarta Slide up to 2.1 directory traversal
4859| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
4860| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
4861| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
4862| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
4863| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
4864| [38524] Apache Geronimo 2.0 unknown vulnerability
4865| [3256] Apache Tomcat up to 6.0.13 cross site scripting
4866| [38331] Apache Tomcat 4.1.24 information disclosure
4867| [38330] Apache Tomcat 4.1.24 information disclosure
4868| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
4869| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
4870| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
4871| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
4872| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
4873| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
4874| [37292] Apache Tomcat up to 5.5.1 cross site scripting
4875| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
4876| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
4877| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
4878| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
4879| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
4880| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
4881| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
4882| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
4883| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
4884| [36225] XAMPP Apache Distribution 1.6.0a sql injection
4885| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
4886| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
4887| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
4888| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
4889| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
4890| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
4891| [34252] Apache HTTP Server denial of service
4892| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
4893| [33877] Apache Opentaps 0.9.3 cross site scripting
4894| [33876] Apache Open For Business Project unknown vulnerability
4895| [33875] Apache Open For Business Project cross site scripting
4896| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
4897| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
4898|
4899| MITRE CVE - https://cve.mitre.org:
4900| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
4901| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
4902| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
4903| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
4904| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
4905| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
4906| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
4907| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
4908| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
4909| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
4910| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
4911| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
4912| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
4913| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
4914| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
4915| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
4916| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
4917| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
4918| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
4919| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
4920| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
4921| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
4922| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
4923| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
4924| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
4925| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
4926| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4927| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
4928| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
4929| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
4930| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4931| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
4932| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
4933| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
4934| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
4935| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
4936| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
4937| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
4938| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
4939| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
4940| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
4941| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4942| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4943| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4944| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4945| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
4946| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
4947| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
4948| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
4949| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
4950| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
4951| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
4952| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
4953| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4954| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
4955| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
4956| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
4957| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
4958| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
4959| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
4960| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
4961| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4962| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4963| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4964| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4965| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4966| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4967| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4968| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4969| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4970| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4971| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4972| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4973| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4974| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4975| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4976| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
4977| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
4978| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
4979| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
4980| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
4981| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
4982| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
4983| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
4984| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
4985| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
4986| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
4987| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
4988| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
4989| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
4990| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
4991| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
4992| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
4993| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
4994| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
4995| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
4996| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
4997| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
4998| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
4999| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5000| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5001| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5002| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5003| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5004| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5005| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5006| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5007| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5008| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5009| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5010| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5011| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5012| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5013| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5014| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5015| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5016| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5017| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5018| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5019| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5020| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5021| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5022| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5023| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5024| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5025| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5026| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5027| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5028| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5029| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5030| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5031| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5032| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5033| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5034| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5035| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5036| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5037| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5038| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5039| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5040| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5041| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5042| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5043| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5044| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5045| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5046| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5047| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5048| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5049| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5050| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5051| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5052| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5053| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5054| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5055| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5056| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5057| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5058| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5059| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5060| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5061| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
5062| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
5063| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5064| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
5065| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
5066| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
5067| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
5068| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
5069| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
5070| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
5071| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
5072| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
5073| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
5074| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
5075| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
5076| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
5077| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
5078| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
5079| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5080| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
5081| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
5082| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
5083| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
5084| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
5085| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
5086| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
5087| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
5088| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
5089| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
5090| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5091| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
5092| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
5093| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
5094| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
5095| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
5096| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
5097| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
5098| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
5099| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
5100| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5101| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
5102| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
5103| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
5104| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
5105| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
5106| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
5107| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
5108| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
5109| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
5110| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
5111| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
5112| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
5113| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
5114| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
5115| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
5116| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
5117| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
5118| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
5119| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
5120| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5121| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5122| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
5123| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
5124| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
5125| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5126| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5127| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5128| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5129| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5130| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5131| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5132| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5133| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5134| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5135| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5136| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5137| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5138| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5139| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5140| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5141| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5142| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5143| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5144| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5145| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5146| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5147| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5148| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5149| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5150| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5151| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5152| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5153| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5154| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5155| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5156| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5265| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5266| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5267| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5268| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5269| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5270| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5271| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5272| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5273| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5274| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5275| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5276| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5277| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5278| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5279| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5280| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5281| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5282| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5283| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5284| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5285| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5286| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5287| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5288| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5289| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5290| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5291| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5292| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5293| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5294| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5295| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5296| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5297| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5298| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5299| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5300| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5301| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5302| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5303| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5304| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5305| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5306| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5307| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5308| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5309| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5310| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5311| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5312| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5313| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5314| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5315| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5316| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5317| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5318| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5319| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5320| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5321| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
5322| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5323| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5324| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5325| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5326| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5327| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5328| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5329| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5330| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5331| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5332| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5333| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5334| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5335| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5336| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5337| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5338| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5339| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5340| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5341| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5342| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5343| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5344| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5345| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5346| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5347| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5348| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5349| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5350| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5351| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5352| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5353| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5354| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5355| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5356| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5357| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5358| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
5359| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
5360| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5361| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5362| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
5363| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
5364| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
5365| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
5366| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5367| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5368| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5369| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5370| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5371| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5372| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
5373| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
5374| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
5375| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
5376| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
5377| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
5378| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
5379| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
5380| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
5381| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
5382| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
5383| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
5384| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
5385| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
5386| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
5387| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5388| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
5389| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
5390| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
5391| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
5392| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
5393| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
5394| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
5395| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
5396| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
5397| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
5398| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
5399| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
5400| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
5401| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
5402| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
5403| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
5404| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
5405| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
5406| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
5407| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
5408| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
5409| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
5410| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
5411| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
5412| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
5413| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
5414| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
5415| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
5416| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
5417| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
5418| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
5419| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
5420| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
5421| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
5422| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
5423| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
5424| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
5425| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
5426| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
5427| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
5428| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
5429| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
5430| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
5431| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5432| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5433| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5434| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5435| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5436| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5437| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5438| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5439| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5440| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5441| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5442| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5443| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5444| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5445| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5446| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5447| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5448| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5449| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5450| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5451| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5452| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5453| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5454| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5455| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5456| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5457| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5458| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5459| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5460| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5461| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5462| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5463| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5464| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5465| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5466| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5467| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5468| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5469| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5470| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5471| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5472| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5473| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5474| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5475| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5476| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5477| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5478| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5479| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5480| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5481| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5482| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5483| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5484| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5485| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5486| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5487| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5488| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5489| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5490| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5491| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5492| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5493| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5494| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5495| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5496| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5497| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5498| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5499| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5500| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5501| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5502| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5503| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5504| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5505| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5506| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5507| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5508| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5509|
5510| SecurityFocus - https://www.securityfocus.com/bid/:
5511| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5512| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5513| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5514| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5515| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5516| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5517| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5518| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5519| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5520| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5521| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5522| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5523| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5524| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5525| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5526| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5527| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5528| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5529| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5530| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5531| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5532| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5533| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5534| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5535| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5536| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5537| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5538| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5539| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5540| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5541| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5542| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5543| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5544| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5545| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5546| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5547| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5548| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5549| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5550| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5551| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5552| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5553| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5554| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5555| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5556| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5557| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5558| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5559| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5560| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5561| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5562| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5563| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5564| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5565| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5566| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5567| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5568| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5569| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5570| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5571| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5572| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5573| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5574| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5575| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5576| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5577| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5578| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5579| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5580| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5581| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5582| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5583| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5584| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5585| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5586| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5587| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5588| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5589| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5590| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5591| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5592| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5593| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5594| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5595| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5596| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5597| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5598| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5599| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5600| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5601| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5602| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5603| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5604| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5605| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5606| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5607| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5608| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5609| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5610| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5611| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5612| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5613| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5614| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5615| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5616| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5617| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5618| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5619| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5620| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5621| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5622| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5623| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5624| [100447] Apache2Triad Multiple Security Vulnerabilities
5625| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5626| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5627| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5628| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5629| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5630| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5631| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5632| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5633| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5634| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5635| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5636| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5637| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5638| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5639| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5640| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5641| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5642| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5643| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5644| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5645| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5646| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5647| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5648| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5649| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5650| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5651| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5652| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5653| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5654| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5655| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5656| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5657| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5658| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5659| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5660| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5661| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5662| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5663| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5664| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5665| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5666| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5667| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5668| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5669| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5670| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5671| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5672| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5673| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5674| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5675| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5676| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5677| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5678| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5679| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5680| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5681| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5682| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5683| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5684| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5685| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5686| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5687| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5688| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5689| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5690| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5691| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5692| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5693| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5694| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5695| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5696| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5697| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5698| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5699| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5700| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5701| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5702| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5703| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5704| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5705| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5706| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5707| [95675] Apache Struts Remote Code Execution Vulnerability
5708| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5709| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5710| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5711| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5712| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5713| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5714| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5715| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5716| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5717| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5718| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
5719| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
5720| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
5721| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
5722| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
5723| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
5724| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
5725| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
5726| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
5727| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
5728| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
5729| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
5730| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
5731| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
5732| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
5733| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
5734| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
5735| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
5736| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
5737| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
5738| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
5739| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
5740| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
5741| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
5742| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
5743| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
5744| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
5745| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
5746| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
5747| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
5748| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
5749| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
5750| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
5751| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
5752| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
5753| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
5754| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
5755| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
5756| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
5757| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
5758| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
5759| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
5760| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
5761| [91736] Apache XML-RPC Multiple Security Vulnerabilities
5762| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
5763| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
5764| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
5765| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
5766| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
5767| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
5768| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
5769| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
5770| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
5771| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
5772| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
5773| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
5774| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
5775| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
5776| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
5777| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
5778| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
5779| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
5780| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
5781| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
5782| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
5783| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
5784| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
5785| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
5786| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
5787| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
5788| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
5789| [90482] Apache CVE-2004-1387 Local Security Vulnerability
5790| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
5791| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
5792| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
5793| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
5794| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
5795| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
5796| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
5797| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
5798| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
5799| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
5800| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
5801| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
5802| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
5803| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
5804| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
5805| [86399] Apache CVE-2007-1743 Local Security Vulnerability
5806| [86397] Apache CVE-2007-1742 Local Security Vulnerability
5807| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
5808| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
5809| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
5810| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
5811| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
5812| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
5813| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
5814| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
5815| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
5816| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
5817| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
5818| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
5819| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
5820| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
5821| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
5822| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
5823| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
5824| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
5825| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
5826| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
5827| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
5828| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
5829| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
5830| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
5831| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
5832| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
5833| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
5834| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
5835| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
5836| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
5837| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
5838| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
5839| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
5840| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
5841| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
5842| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
5843| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
5844| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
5845| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
5846| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
5847| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
5848| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
5849| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
5850| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
5851| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
5852| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
5853| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
5854| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
5855| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
5856| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
5857| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
5858| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
5859| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
5860| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
5861| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
5862| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
5863| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
5864| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
5865| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
5866| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
5867| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
5868| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
5869| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
5870| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
5871| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
5872| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
5873| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
5874| [76933] Apache James Server Unspecified Command Execution Vulnerability
5875| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
5876| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
5877| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
5878| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
5879| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
5880| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
5881| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
5882| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
5883| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
5884| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
5885| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
5886| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
5887| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
5888| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
5889| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
5890| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
5891| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
5892| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
5893| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
5894| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
5895| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
5896| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
5897| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
5898| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
5899| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
5900| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
5901| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
5902| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
5903| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
5904| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
5905| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
5906| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
5907| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
5908| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
5909| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
5910| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
5911| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
5912| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
5913| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
5914| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
5915| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
5916| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
5917| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
5918| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
5919| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
5920| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
5921| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
5922| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
5923| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
5924| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
5925| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
5926| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
5927| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
5928| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
5929| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
5930| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
5931| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
5932| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
5933| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
5934| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
5935| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
5936| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
5937| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
5938| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
5939| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
5940| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
5941| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
5942| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
5943| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
5944| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
5945| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
5946| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
5947| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
5948| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
5949| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
5950| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
5951| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
5952| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
5953| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
5954| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
5955| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
5956| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
5957| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
5958| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
5959| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
5960| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
5961| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
5962| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
5963| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
5964| [68229] Apache Harmony PRNG Entropy Weakness
5965| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
5966| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
5967| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
5968| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
5969| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
5970| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
5971| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
5972| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
5973| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
5974| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
5975| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
5976| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
5977| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
5978| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
5979| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
5980| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
5981| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
5982| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
5983| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
5984| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
5985| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
5986| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
5987| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
5988| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
5989| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
5990| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
5991| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
5992| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
5993| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
5994| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
5995| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
5996| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
5997| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
5998| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
5999| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
6000| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
6001| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
6002| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
6003| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
6004| [64780] Apache CloudStack Unauthorized Access Vulnerability
6005| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
6006| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
6007| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
6008| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
6009| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
6010| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
6011| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
6012| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
6013| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
6014| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
6015| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
6016| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6017| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
6018| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
6019| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
6020| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
6021| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
6022| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
6023| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
6024| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
6025| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
6026| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
6027| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
6028| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
6029| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
6030| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
6031| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
6032| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
6033| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
6034| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
6035| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
6036| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
6037| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
6038| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
6039| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
6040| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
6041| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
6042| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
6043| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
6044| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
6045| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
6046| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
6047| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
6048| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
6049| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
6050| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
6051| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
6052| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
6053| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
6054| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
6055| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
6056| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
6057| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
6058| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
6059| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
6060| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
6061| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
6062| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
6063| [59670] Apache VCL Multiple Input Validation Vulnerabilities
6064| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
6065| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
6066| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
6067| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
6068| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
6069| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
6070| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
6071| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
6072| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
6073| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
6074| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
6075| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
6076| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
6077| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
6078| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
6079| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
6080| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
6081| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
6082| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
6083| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
6084| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
6085| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
6086| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
6087| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
6088| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
6089| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
6090| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
6091| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
6092| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
6093| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
6094| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
6095| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
6096| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
6097| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
6098| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
6099| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
6100| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
6101| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
6102| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
6103| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
6104| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
6105| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
6106| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
6107| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
6108| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
6109| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
6110| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
6111| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
6112| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
6113| [54798] Apache Libcloud Man In The Middle Vulnerability
6114| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
6115| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
6116| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
6117| [54189] Apache Roller Cross Site Request Forgery Vulnerability
6118| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
6119| [53880] Apache CXF Child Policies Security Bypass Vulnerability
6120| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
6121| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
6122| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
6123| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
6124| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
6125| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
6126| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
6127| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6128| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
6129| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
6130| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
6131| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
6132| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
6133| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
6134| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
6135| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
6136| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
6137| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
6138| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
6139| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
6140| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6141| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6142| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
6143| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
6144| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
6145| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
6146| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
6147| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
6148| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
6149| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6150| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
6151| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
6152| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
6153| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
6154| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6155| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6156| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
6157| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
6158| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6159| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
6160| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
6161| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
6162| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
6163| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
6164| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
6165| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6603| [77568] Apache Qpid broker security bypass
6604| [77421] Apache Libcloud spoofing
6605| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6606| [77046] Oracle Solaris Apache HTTP Server information disclosure
6607| [76837] Apache Hadoop information disclosure
6608| [76802] Apache Sling CopyFrom denial of service
6609| [76692] Apache Hadoop symlink
6610| [76535] Apache Roller console cross-site request forgery
6611| [76534] Apache Roller weblog cross-site scripting
6612| [76152] Apache CXF elements security bypass
6613| [76151] Apache CXF child policies security bypass
6614| [75983] MapServer for Windows Apache file include
6615| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6616| [75558] Apache POI denial of service
6617| [75545] PHP apache_request_headers() buffer overflow
6618| [75302] Apache Qpid SASL security bypass
6619| [75211] Debian GNU/Linux apache 2 cross-site scripting
6620| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6621| [74871] Apache OFBiz FlexibleStringExpander code execution
6622| [74870] Apache OFBiz multiple cross-site scripting
6623| [74750] Apache Hadoop unspecified spoofing
6624| [74319] Apache Struts XSLTResult.java file upload
6625| [74313] Apache Traffic Server header buffer overflow
6626| [74276] Apache Wicket directory traversal
6627| [74273] Apache Wicket unspecified cross-site scripting
6628| [74181] Apache HTTP Server mod_fcgid module denial of service
6629| [73690] Apache Struts OGNL code execution
6630| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6631| [73100] Apache MyFaces in directory traversal
6632| [73096] Apache APR hash denial of service
6633| [73052] Apache Struts name cross-site scripting
6634| [73030] Apache CXF UsernameToken security bypass
6635| [72888] Apache Struts lastName cross-site scripting
6636| [72758] Apache HTTP Server httpOnly information disclosure
6637| [72757] Apache HTTP Server MPM denial of service
6638| [72585] Apache Struts ParameterInterceptor security bypass
6639| [72438] Apache Tomcat Digest security bypass
6640| [72437] Apache Tomcat Digest security bypass
6641| [72436] Apache Tomcat DIGEST security bypass
6642| [72425] Apache Tomcat parameter denial of service
6643| [72422] Apache Tomcat request object information disclosure
6644| [72377] Apache HTTP Server scoreboard security bypass
6645| [72345] Apache HTTP Server HTTP request denial of service
6646| [72229] Apache Struts ExceptionDelegator command execution
6647| [72089] Apache Struts ParameterInterceptor directory traversal
6648| [72088] Apache Struts CookieInterceptor command execution
6649| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
7070| [7057] Apache "
7071| [7056] Apache "
7072| [7055] Apache "
7073| [7054] Apache "
7074| [6997] Apache Jakarta Tomcat error message may reveal information
7075| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
7076| [6970] Apache crafted HTTP request could reveal the internal IP address
7077| [6921] Apache long slash path allows directory listing
7078| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
7079| [6527] Apache Web Server for Windows and OS2 denial of service
7080| [6316] Apache Jakarta Tomcat may reveal JSP source code
7081| [6305] Apache Jakarta Tomcat directory traversal
7082| [5926] Linux Apache symbolic link
7083| [5659] Apache Web server discloses files when used with php script
7084| [5310] Apache mod_rewrite allows attacker to view arbitrary files
7085| [5204] Apache WebDAV directory listings
7086| [5197] Apache Web server reveals CGI script source code
7087| [5160] Apache Jakarta Tomcat default installation
7088| [5099] Trustix Secure Linux installs Apache with world writable access
7089| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
7090| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
7091| [4931] Apache source.asp example file allows users to write to files
7092| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
7093| [4205] Apache Jakarta Tomcat delivers file contents
7094| [2084] Apache on Debian by default serves the /usr/doc directory
7095| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
7096| [697] Apache HTTP server beck exploit
7097| [331] Apache cookies buffer overflow
7098|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
7929| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
7930| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
7931| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7932| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
7933| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
7934| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
7935| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7936| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
8293| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
8294| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
8295| [58725] Apache Tapestry Basic String ACL Bypass Weakness
8296| [58724] Apache Roller Logout Functionality Failure Session Persistence
8297| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
8298| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
8299| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
8300| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
8301| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
8302| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
8303| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
8304| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
8305| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
8306| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
8307| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
8308| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
8309| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
8310| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
8311| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
8312| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
8313| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
8314| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
8315| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
8316| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
8317| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
8318| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
8319| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
8320| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
8321| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
8322| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
8323| [58687] Apache Axis Invalid wsdl Request XSS
8324| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
8325| [58685] Apache Velocity Template Designer Privileged Code Execution
8326| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
8327| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
8328| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
8329| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
8330| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
8331| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
8332| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
8333| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
8334| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
8335| [58667] Apache Roller Database Cleartext Passwords Disclosure
8336| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
8337| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
8338| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
8339| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
8340| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
8341| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
8342| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
8343| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
8344| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
8345| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
8346| [56984] Apache Xerces2 Java Malformed XML Input DoS
8347| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
8348| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
8349| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
8350| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
8351| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
8352| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
8353| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
8354| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
8355| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
8356| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
8357| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
8358| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
8359| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
8360| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
8361| [55056] Apache Tomcat Cross-application TLD File Manipulation
8362| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
8363| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
8364| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
8365| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
8366| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
8367| [54589] Apache Jserv Nonexistent JSP Request XSS
8368| [54122] Apache Struts s:a / s:url Tag href Element XSS
8369| [54093] Apache ActiveMQ Web Console JMS Message XSS
8370| [53932] Apache Geronimo Multiple Admin Function CSRF
8371| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
8372| [53930] Apache Geronimo /console/portal/ URI XSS
8373| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
8374| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
8375| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
8376| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
8377| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
8378| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
8379| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
8380| [53380] Apache Struts Unspecified XSS
8381| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
8382| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
8383| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
8384| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
8385| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
8386| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
8387| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
8388| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
8389| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
8390| [51151] Apache Roller Search Function q Parameter XSS
8391| [50482] PHP with Apache php_value Order Unspecified Issue
8392| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
8393| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
8394| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
8395| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
8396| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
8397| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
8398| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
8399| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
8400| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
8401| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
8402| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
8403| [47096] Oracle Weblogic Apache Connector POST Request Overflow
8404| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
8405| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
8406| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
8407| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
8408| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
8409| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
8410| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
8411| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
8412| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
8413| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
8414| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
8415| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
8416| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
8417| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
8418| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
8419| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
8420| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
8421| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
8422| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
8423| [43452] Apache Tomcat HTTP Request Smuggling
8424| [43309] Apache Geronimo LoginModule Login Method Bypass
8425| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
8426| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
8427| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
8428| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
8429| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
8430| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
8431| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
8432| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
8433| [42091] Apache Maven Site Plugin Installation Permission Weakness
8434| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
8435| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
8436| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
8437| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
8438| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
8439| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
8440| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
8441| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
8442| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
8443| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
8444| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
8445| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
8446| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
8447| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
8448| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
8449| [40262] Apache HTTP Server mod_status refresh XSS
8450| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
8451| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
8452| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
8453| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
8454| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
8455| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
8456| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
8457| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
8458| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
8459| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
8460| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
8461| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
8462| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
8463| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
8464| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
8465| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
8466| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
8467| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
8468| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
8469| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
8470| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
8471| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
8472| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
8473| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
8474| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
8475| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
8476| [36080] Apache Tomcat JSP Examples Crafted URI XSS
8477| [36079] Apache Tomcat Manager Uploaded Filename XSS
8478| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
8479| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
8480| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
8481| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
8482| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
8483| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
8484| [34881] Apache Tomcat Malformed Accept-Language Header XSS
8485| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
8486| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
8487| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
8488| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
8489| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
8490| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
8491| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
8492| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
8493| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
8494| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
8495| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
8496| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
8497| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
8498| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
8499| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
8500| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
8501| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
8502| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
8503| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
8504| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
8505| [32724] Apache mod_python _filter_read Freed Memory Disclosure
8506| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
8507| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
8508| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
8509| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
8510| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
8511| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
8512| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
8513| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
8514| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
8515| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
8516| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
8517| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
8518| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
8519| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
8520| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
8521| [24365] Apache Struts Multiple Function Error Message XSS
8522| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
8523| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
8524| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
8525| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
8526| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
8527| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
8528| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
8529| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
8530| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
8531| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
8532| [22459] Apache Geronimo Error Page XSS
8533| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
8534| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
8535| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
8536| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
8537| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
8538| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
8539| [21021] Apache Struts Error Message XSS
8540| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
8541| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
8542| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
8543| [20439] Apache Tomcat Directory Listing Saturation DoS
8544| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
8545| [20285] Apache HTTP Server Log File Control Character Injection
8546| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
8547| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
8548| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
8549| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
8550| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
8551| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
8552| [19821] Apache Tomcat Malformed Post Request Information Disclosure
8553| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
8554| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
8555| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
8556| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
8557| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
8558| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
8559| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
8560| [18233] Apache HTTP Server htdigest user Variable Overfow
8561| [17738] Apache HTTP Server HTTP Request Smuggling
8562| [16586] Apache HTTP Server Win32 GET Overflow DoS
8563| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
8564| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
8565| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
8566| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
8567| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
8568| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
8569| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
8570| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
8571| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
8572| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
8573| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
8574| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
8575| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
8576| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
8577| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
8578| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
8579| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
8580| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
8581| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
8582| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
8583| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
8584| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
8585| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
8586| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
8587| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
8588| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
8589| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
8590| [13304] Apache Tomcat realPath.jsp Path Disclosure
8591| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
8592| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
8593| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
8594| [12848] Apache HTTP Server htdigest realm Variable Overflow
8595| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
8596| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
8597| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
8598| [12557] Apache HTTP Server prefork MPM accept Error DoS
8599| [12233] Apache Tomcat MS-DOS Device Name Request DoS
8600| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
8601| [12231] Apache Tomcat web.xml Arbitrary File Access
8602| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
8603| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
8604| [12178] Apache Jakarta Lucene results.jsp XSS
8605| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
8606| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
8607| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
8608| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
8609| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
8610| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
8611| [10471] Apache Xerces-C++ XML Parser DoS
8612| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
8613| [10068] Apache HTTP Server htpasswd Local Overflow
8614| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
8615| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
8616| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
8617| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
8618| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
8619| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
8620| [9717] Apache HTTP Server mod_cookies Cookie Overflow
8621| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
8622| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
8623| [9714] Apache Authentication Module Threaded MPM DoS
8624| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
8625| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
8626| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
8627| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
8628| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
8629| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
8630| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
8631| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
8632| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
8633| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
8634| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
8635| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
110/tcp open pop3 Dovecot pop3d
| vulscan: VulDB - https://vuldb.com:
| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
| [69835] Dovecot 2.2.0/2.2.1 denial of service
| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
| [65684] Dovecot up to 2.2.6 unknown vulnerability
| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
| [63692] Dovecot up to 2.0.15 spoofing
| [7062] Dovecot 2.1.10 mail-search.c denial of service
| [57517] Dovecot up to 2.0.12 Login directory traversal
| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
| [57515] Dovecot up to 2.0.12 Crash denial of service
| [54944] Dovecot up to 1.2.14 denial of service
| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
| [53277] Dovecot up to 1.2.10 denial of service
| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
| [45256] Dovecot up to 1.1.5 directory traversal
| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
| [40356] Dovecot 1.0.9 Cache unknown vulnerability
| [38222] Dovecot 1.0.2 directory traversal
| [36376] Dovecot up to 1.0.x directory traversal
| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
| [67306] Dovecot Denial of Service Vulnerability
| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
| [39838] tpop3d Remote Denial of Service Vulnerability
| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
| [17961] Dovecot Remote Information Disclosure Vulnerability
| [16672] Dovecot Double Free Denial of Service Vulnerability
| [8495] akpop3d User Name SQL Injection Vulnerability
| [8473] Vpop3d Remote Denial Of Service Vulnerability
| [3990] ZPop3D Bad Login Logging Failure Vulnerability
| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86382] Dovecot POP3 Service denial of service
| [84396] Dovecot IMAP APPEND denial of service
| [80453] Dovecot mail-search.c denial of service
| [71354] Dovecot SSL Common Name (CN) weak security
| [67675] Dovecot script-login security bypass
| [67674] Dovecot script-login directory traversal
| [67589] Dovecot header name denial of service
| [63267] Apple Mac OS X Dovecot information disclosure
| [62340] Dovecot mailbox security bypass
| [62339] Dovecot IMAP or POP3 denial of service
| [62256] Dovecot mailbox security bypass
| [62255] Dovecot ACL entry security bypass
| [60639] Dovecot ACL plugin weak security
| [57267] Apple Mac OS X Dovecot Kerberos security bypass
| [56763] Dovecot header denial of service
| [54363] Dovecot base_dir privilege escalation
| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
| [46323] Dovecot dovecot.conf information disclosure
| [46227] Dovecot message parsing denial of service
| [45669] Dovecot ACL mailbox security bypass
| [45667] Dovecot ACL plugin rights security bypass
| [41085] Dovecot TAB characters authentication bypass
| [41009] Dovecot mail_extra_groups option unauthorized access
| [39342] Dovecot LDAP auth cache configuration security bypass
| [35767] Dovecot ACL plugin security bypass
| [34082] Dovecot mbox-storage.c directory traversal
| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
| [26578] Cyrus IMAP pop3d buffer overflow
| [26536] Dovecot IMAP LIST information disclosure
| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
| [24709] Dovecot APPEND command denial of service
| [13018] akpop3d authentication code SQL injection
| [7345] Slackware Linux imapd and ipop3d core dump
| [6269] imap, ipop2d and ipop3d buffer overflows
| [5923] Linuxconf vpop3d symbolic link
| [4918] IPOP3D, Buffer overflow attack
| [1560] IPOP3D, user login successful
| [1559] IPOP3D user login to remote host successful
| [1525] IPOP3D, user logout
| [1524] IPOP3D, user auto-logout
| [1523] IPOP3D, user login failure
| [1522] IPOP3D, brute force attack
| [1521] IPOP3D, user kiss of death logout
| [418] pop3d mktemp creates insecure temporary files
|
| Exploit-DB - https://www.exploit-db.com:
| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
| [23053] Vpop3d Remote Denial of Service Vulnerability
| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
| [11893] tPop3d 1.5.3 DoS
| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
| [901025] Dovecot Version Detection
| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
| [870607] RedHat Update for dovecot RHSA-2011:0600-01
| [870471] RedHat Update for dovecot RHSA-2011:1187-01
| [870153] RedHat Update for dovecot RHSA-2008:0297-02
| [863272] Fedora Update for dovecot FEDORA-2011-7612
| [863115] Fedora Update for dovecot FEDORA-2011-7258
| [861525] Fedora Update for dovecot FEDORA-2007-664
| [861394] Fedora Update for dovecot FEDORA-2007-493
| [861333] Fedora Update for dovecot FEDORA-2007-1485
| [860845] Fedora Update for dovecot FEDORA-2008-9202
| [860663] Fedora Update for dovecot FEDORA-2008-2475
| [860169] Fedora Update for dovecot FEDORA-2008-2464
| [860089] Fedora Update for dovecot FEDORA-2008-9232
| [840950] Ubuntu Update for dovecot USN-1295-1
| [840668] Ubuntu Update for dovecot USN-1143-1
| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
| [70259] FreeBSD Ports: dovecot
| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
| [66522] FreeBSD Ports: dovecot
| [65010] Ubuntu USN-838-1 (dovecot)
| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
| [62854] FreeBSD Ports: dovecot-managesieve
| [61916] FreeBSD Ports: dovecot
| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
| [60528] FreeBSD Ports: dovecot
| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
| [60089] FreeBSD Ports: dovecot
| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
| OSVDB - http://www.osvdb.org:
| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
| [66113] Dovecot Mail Root Directory Creation Permission Weakness
| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
| [66110] Dovecot Multiple Unspecified Buffer Overflows
| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
| [64783] Dovecot E-mail Message Header Unspecified DoS
| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
| [62796] Dovecot mbox Format Email Header Handling DoS
| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
| [43137] Dovecot mail_extra_groups Symlink File Manipulation
| [42979] Dovecot passdbs Argument Injection Authentication Bypass
| [39876] Dovecot LDAP Auth Cache Security Bypass
| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
| [23281] Dovecot imap/pop3-login dovecot-auth DoS
| [23280] Dovecot Malformed APPEND Command DoS
| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
| [5857] Linux pop3d Arbitrary Mail File Access
| [2471] akpop3d username SQL Injection
|_
143/tcp open imap Dovecot imapd
9024| vulscan: VulDB - https://vuldb.com:
9025| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
9026| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9027| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9028| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9029| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9030| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9031| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9032| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9033| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9034| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9035| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9036| [69835] Dovecot 2.2.0/2.2.1 denial of service
9037| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9038| [65684] Dovecot up to 2.2.6 unknown vulnerability
9039| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9040| [63692] Dovecot up to 2.0.15 spoofing
9041| [7062] Dovecot 2.1.10 mail-search.c denial of service
9042| [59792] Cyrus IMAPd 2.4.11 weak authentication
9043| [57517] Dovecot up to 2.0.12 Login directory traversal
9044| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9045| [57515] Dovecot up to 2.0.12 Crash denial of service
9046| [54944] Dovecot up to 1.2.14 denial of service
9047| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9048| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9049| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9050| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9051| [53277] Dovecot up to 1.2.10 denial of service
9052| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9053| [45256] Dovecot up to 1.1.5 directory traversal
9054| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9055| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9056| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9057| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9058| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9059| [38222] Dovecot 1.0.2 directory traversal
9060| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
9061| [36376] Dovecot up to 1.0.x directory traversal
9062| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
9063| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9064|
9065| MITRE CVE - https://cve.mitre.org:
9066| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9067| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9068| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
9069| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
9070| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9071| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9072| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9073| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9074| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9075| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9076| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9077| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9078| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9079| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9080| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9081| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9082| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9083| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9084| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9085| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9086| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9087| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9088| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9089| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9090| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9091| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9092| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9093| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
9094| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
9095| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9096| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
9097| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9098| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9099| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
9100| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
9101| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9102| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
9103| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
9104| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
9105| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
9106| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9107| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9108| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9109| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9110| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
9111| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
9112| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
9113| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
9114| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
9115| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
9116| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
9117| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
9118| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
9119| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
9120| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
9121| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
9122| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
9123| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9124| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
9125|
9126| SecurityFocus - https://www.securityfocus.com/bid/:
9127| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9128| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9129| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9130| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9131| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9132| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
9133| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9134| [67306] Dovecot Denial of Service Vulnerability
9135| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
9136| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9137| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9138| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9139| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9140| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9141| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
9142| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9143| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
9144| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9145| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9146| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9147| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9148| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9149| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9150| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9151| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9152| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9153| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9154| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9155| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9156| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9157| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9158| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
9159| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
9160| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9161| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9162| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
9163| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9164| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9165| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9166| [17961] Dovecot Remote Information Disclosure Vulnerability
9167| [16672] Dovecot Double Free Denial of Service Vulnerability
9168| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
9169| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
9170| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
9171| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
9172| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
9173| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
9174| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
9175| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
9176| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
9177| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
9178| [130] imapd Buffer Overflow Vulnerability
9179|
9180| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9181| [86382] Dovecot POP3 Service denial of service
9182| [84396] Dovecot IMAP APPEND denial of service
9183| [80453] Dovecot mail-search.c denial of service
9184| [71354] Dovecot SSL Common Name (CN) weak security
9185| [70325] Cyrus IMAPd NNTP security bypass
9186| [67675] Dovecot script-login security bypass
9187| [67674] Dovecot script-login directory traversal
9188| [67589] Dovecot header name denial of service
9189| [63267] Apple Mac OS X Dovecot information disclosure
9190| [62340] Dovecot mailbox security bypass
9191| [62339] Dovecot IMAP or POP3 denial of service
9192| [62256] Dovecot mailbox security bypass
9193| [62255] Dovecot ACL entry security bypass
9194| [60639] Dovecot ACL plugin weak security
9195| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9196| [56763] Dovecot header denial of service
9197| [54363] Dovecot base_dir privilege escalation
9198| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9199| [47526] UW-imapd rfc822_output_char() denial of service
9200| [46323] Dovecot dovecot.conf information disclosure
9201| [46227] Dovecot message parsing denial of service
9202| [45669] Dovecot ACL mailbox security bypass
9203| [45667] Dovecot ACL plugin rights security bypass
9204| [41085] Dovecot TAB characters authentication bypass
9205| [41009] Dovecot mail_extra_groups option unauthorized access
9206| [39342] Dovecot LDAP auth cache configuration security bypass
9207| [35767] Dovecot ACL plugin security bypass
9208| [34082] Dovecot mbox-storage.c directory traversal
9209| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9210| [26536] Dovecot IMAP LIST information disclosure
9211| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9212| [24709] Dovecot APPEND command denial of service
9213| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
9214| [19460] Cyrus IMAP imapd buffer overflow
9215| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
9216| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
9217| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
9218| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
9219| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
9220| [7345] Slackware Linux imapd and ipop3d core dump
9221| [573] Imapd denial of service
9222|
9223| Exploit-DB - https://www.exploit-db.com:
9224| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
9225| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9226| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
9227| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
9228| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
9229| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
9230| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
9231| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
9232| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
9233| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
9234| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
9235| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9236| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
9237| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
9238| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
9239| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
9240| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
9241| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
9242| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9243| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
9244| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
9245| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
9246| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9247| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9248| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9249| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
9250| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
9251| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
9252| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
9253| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
9254| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
9255| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
9256| [340] Linux imapd Remote Overflow File Retrieve Exploit
9257|
9258| OpenVAS (Nessus) - http://www.openvas.org:
9259| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9260| [901025] Dovecot Version Detection
9261| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
9262| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
9263| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9264| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
9265| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
9266| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9267| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
9268| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
9269| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
9270| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
9271| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
9272| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9273| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
9274| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9275| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
9276| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
9277| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
9278| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
9279| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
9280| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9281| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
9282| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
9283| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9284| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
9285| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9286| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
9287| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
9288| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
9289| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
9290| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
9291| [863272] Fedora Update for dovecot FEDORA-2011-7612
9292| [863115] Fedora Update for dovecot FEDORA-2011-7258
9293| [861525] Fedora Update for dovecot FEDORA-2007-664
9294| [861394] Fedora Update for dovecot FEDORA-2007-493
9295| [861333] Fedora Update for dovecot FEDORA-2007-1485
9296| [860845] Fedora Update for dovecot FEDORA-2008-9202
9297| [860663] Fedora Update for dovecot FEDORA-2008-2475
9298| [860169] Fedora Update for dovecot FEDORA-2008-2464
9299| [860089] Fedora Update for dovecot FEDORA-2008-9232
9300| [840950] Ubuntu Update for dovecot USN-1295-1
9301| [840668] Ubuntu Update for dovecot USN-1143-1
9302| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9303| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9304| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9305| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9306| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9307| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
9308| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
9309| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
9310| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9311| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9312| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
9313| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9314| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9315| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9316| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9317| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
9318| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9319| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9320| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
9321| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
9322| [70259] FreeBSD Ports: dovecot
9323| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
9324| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9325| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
9326| [66522] FreeBSD Ports: dovecot
9327| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
9328| [66233] SLES10: Security update for Cyrus IMAPD
9329| [66226] SLES11: Security update for Cyrus IMAPD
9330| [66222] SLES9: Security update for Cyrus IMAPD
9331| [65938] SLES10: Security update for Cyrus IMAPD
9332| [65723] SLES11: Security update for Cyrus IMAPD
9333| [65523] SLES9: Security update for Cyrus IMAPD
9334| [65479] SLES9: Security update for cyrus-imapd
9335| [65094] SLES9: Security update for cyrus-imapd
9336| [65010] Ubuntu USN-838-1 (dovecot)
9337| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
9338| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9339| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
9340| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
9341| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
9342| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9343| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9344| [64898] FreeBSD Ports: cyrus-imapd
9345| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
9346| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9347| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
9348| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
9349| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
9350| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
9351| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9352| [62854] FreeBSD Ports: dovecot-managesieve
9353| [61916] FreeBSD Ports: dovecot
9354| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9355| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9356| [60528] FreeBSD Ports: dovecot
9357| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9358| [60089] FreeBSD Ports: dovecot
9359| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9360| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9361| [55807] Slackware Advisory SSA:2005-310-06 imapd
9362| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
9363| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
9364| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
9365| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
9366| [52297] FreeBSD Ports: cyrus-imapd
9367| [52296] FreeBSD Ports: cyrus-imapd
9368| [52295] FreeBSD Ports: cyrus-imapd
9369| [52294] FreeBSD Ports: cyrus-imapd
9370| [52172] FreeBSD Ports: cyrus-imapd
9371|
9372| SecurityTracker - https://www.securitytracker.com:
9373| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9374| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9375| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9376| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
9377|
9378| OSVDB - http://www.osvdb.org:
9379| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9380| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9381| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9382| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9383| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
9384| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9385| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
9386| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9387| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9388| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9389| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9390| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9391| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9392| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9393| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9394| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9395| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9396| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9397| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9398| [66110] Dovecot Multiple Unspecified Buffer Overflows
9399| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9400| [64783] Dovecot E-mail Message Header Unspecified DoS
9401| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9402| [62796] Dovecot mbox Format Email Header Handling DoS
9403| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9404| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9405| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
9406| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
9407| [52906] UW-imapd c-client Initial Request Remote Format String
9408| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
9409| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
9410| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9411| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9412| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
9413| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
9414| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9415| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9416| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9417| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9418| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9419| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
9420| [39876] Dovecot LDAP Auth Cache Security Bypass
9421| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
9422| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9423| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9424| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
9425| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
9426| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
9427| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9428| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9429| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9430| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9431| [23280] Dovecot Malformed APPEND Command DoS
9432| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
9433| [13242] UW-imapd CRAM-MD5 Authentication Bypass
9434| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
9435| [12042] UoW imapd Multiple Unspecified Overflows
9436| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
9437| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9438| [911] UoW imapd AUTHENTICATE Command Remote Overflow
9439| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
9440| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
9441|_
443/tcp open ssl/http Apache httpd (PHP 5.6.40)
9443| vulscan: VulDB - https://vuldb.com:
9444| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
9445| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
9446| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
9447| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
9448| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9449| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
9450| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
9451| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
9452| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
9453| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9454| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9455| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9456| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
9457| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9458| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
9459| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
9460| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
9461| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
9462| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
9463| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
9464| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
9465| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
9466| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
9467| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
9468| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
9469| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
9470| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
9471| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
9472| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
9473| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
9474| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
9475| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
9476| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9477| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9478| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9479| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9480| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9481| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9482| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9483| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9484| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9485| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9486| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9487| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9488| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9489| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9490| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9491| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9492| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9493| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9494| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9495| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9496| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9497| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9498| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9499| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9500| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9501| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9502| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9503| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9504| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9505| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9506| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9507| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9508| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9509| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9510| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9511| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9512| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9513| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9514| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9515| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9516| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9517| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9518| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9519| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9520| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9521| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9522| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9523| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9524| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9525| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9526| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9527| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9528| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9529| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9530| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9531| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9532| [136370] Apache Fineract up to 1.2.x sql injection
9533| [136369] Apache Fineract up to 1.2.x sql injection
9534| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9535| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9536| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9537| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9538| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9539| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9540| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9541| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9542| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9543| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9544| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9545| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9546| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9547| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9548| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9549| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9550| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9551| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9552| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9553| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9554| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9555| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9556| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9557| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9558| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9559| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9560| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9561| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9562| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9563| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9564| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9565| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9566| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9567| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9568| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9569| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9570| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9571| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9572| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9573| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9574| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9575| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9576| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9577| [130629] Apache Guacamole Cookie Flag weak encryption
9578| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9579| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9580| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9581| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9582| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9583| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9584| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9585| [130123] Apache Airflow up to 1.8.2 information disclosure
9586| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9587| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9588| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9589| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9590| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9591| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9592| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9593| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9594| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9595| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9596| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9597| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9598| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9599| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9600| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9601| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9602| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9603| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9604| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9605| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9606| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9607| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9608| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9609| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9610| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9611| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9612| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9613| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9614| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9615| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9616| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9617| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9618| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9619| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9620| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9621| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9622| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9623| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9624| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9625| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9626| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9627| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9628| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9629| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9630| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9631| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9632| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9633| [127007] Apache Spark Request Code Execution
9634| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9635| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9636| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9637| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9638| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9639| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9640| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9641| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9642| [126346] Apache Tomcat Path privilege escalation
9643| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9644| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9645| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9646| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9647| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9648| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9649| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
9650| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
9651| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
9652| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
9653| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
9654| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9655| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
9656| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
9657| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
9658| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
9659| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
9660| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
9661| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
9662| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
9663| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
9664| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
9665| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
9666| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
9667| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
9668| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
9669| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
9670| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
9671| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
10088| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
10089| [94540] Apache Tika 1.9 tika-server File information disclosure
10090| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
10091| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
10092| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
10093| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
10094| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
10095| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
10096| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
10097| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
10098| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
10099| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
10464| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
10465| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
10466| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
10467| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
10468| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
10469| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
10470| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
10471| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
10472| [64722] Apache XML Security for C++ Heap-based memory corruption
10473| [64719] Apache XML Security for C++ Heap-based memory corruption
10474| [64718] Apache XML Security for C++ verify denial of service
10475| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
10476| [64716] Apache XML Security for C++ spoofing
10477| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
10478| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
10479| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
10480| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
10481| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
10482| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
10483| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
10484| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
10485| [64485] Apache Struts up to 2.2.3.0 privilege escalation
10486| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
10487| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
10488| [64467] Apache Geronimo 3.0 memory corruption
10489| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
10490| [64457] Apache Struts up to 2.2.3.0 cross site scripting
10491| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
10492| [9184] Apache Qpid up to 0.20 SSL misconfiguration
10493| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
10494| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
10495| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
10496| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
10497| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
10498| [8873] Apache Struts 2.3.14 privilege escalation
10499| [8872] Apache Struts 2.3.14 privilege escalation
10500| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
10501| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
10502| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
10503| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
10504| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
10505| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10506| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10507| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
10508| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
10509| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
10510| [64006] Apache ActiveMQ up to 5.7.0 denial of service
10511| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
10512| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
10513| [8427] Apache Tomcat Session Transaction weak authentication
10514| [63960] Apache Maven 3.0.4 Default Configuration spoofing
10515| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
10516| [63750] Apache qpid up to 0.20 checkAvailable denial of service
10517| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
10518| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
10519| [63747] Apache Rave up to 0.20 User Account information disclosure
10520| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
10521| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
10522| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
10523| [7687] Apache CXF up to 2.7.2 Token weak authentication
10524| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10525| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10526| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
10527| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
10528| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
10529| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
10530| [63090] Apache Tomcat up to 4.1.24 denial of service
10531| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
10532| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
10533| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
10534| [62833] Apache CXF -/2.6.0 spoofing
10535| [62832] Apache Axis2 up to 1.6.2 spoofing
10536| [62831] Apache Axis up to 1.4 Java Message Service spoofing
10537| [62830] Apache Commons-httpclient 3.0 Payments spoofing
10538| [62826] Apache Libcloud up to 0.11.0 spoofing
10539| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
10540| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
10541| [62661] Apache Axis2 unknown vulnerability
10542| [62658] Apache Axis2 unknown vulnerability
10543| [62467] Apache Qpid up to 0.17 denial of service
10544| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
10545| [6301] Apache HTTP Server mod_pagespeed cross site scripting
10546| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
10547| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
10548| [62035] Apache Struts up to 2.3.4 denial of service
10549| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
10550| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
10551| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
10552| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
10553| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
10554| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
10555| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
10556| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
10557| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
10558| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
10559| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
10560| [61229] Apache Sling up to 2.1.1 denial of service
10561| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
10562| [61094] Apache Roller up to 5.0 cross site scripting
10563| [61093] Apache Roller up to 5.0 cross site request forgery
10564| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
10565| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
10566| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
10567| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
10568| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
10569| [60708] Apache Qpid 0.12 unknown vulnerability
10570| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
10571| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
10572| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
10573| [4882] Apache Wicket up to 1.5.4 directory traversal
10574| [4881] Apache Wicket up to 1.4.19 cross site scripting
10575| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
10576| [60352] Apache Struts up to 2.2.3 memory corruption
10577| [60153] Apache Portable Runtime up to 1.4.3 denial of service
10578| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
10579| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
10580| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
10581| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
10582| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
10583| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
10584| [4571] Apache Struts up to 2.3.1.2 privilege escalation
10585| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
10586| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
10587| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
10588| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
10589| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
10590| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
10591| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10592| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
10593| [59888] Apache Tomcat up to 6.0.6 denial of service
10594| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
10595| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
10596| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
10597| [59850] Apache Geronimo up to 2.2.1 denial of service
10598| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
10599| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
10600| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10601| [58413] Apache Tomcat up to 6.0.10 spoofing
10602| [58381] Apache Wicket up to 1.4.17 cross site scripting
10603| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10604| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10605| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10606| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10607| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10608| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10609| [57568] Apache Archiva up to 1.3.4 cross site scripting
10610| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10611| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10612| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10613| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10614| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10615| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10616| [57025] Apache Tomcat up to 7.0.11 information disclosure
10617| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10618| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10619| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10620| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10621| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10622| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10623| [56512] Apache Continuum up to 1.4.0 cross site scripting
10624| [4285] Apache Tomcat 5.x JVM getLocale denial of service
10625| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
10626| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10627| [56441] Apache Tomcat up to 7.0.6 denial of service
10628| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10629| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10630| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10631| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10632| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10633| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10634| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10635| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10636| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10637| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10638| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10639| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10640| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10641| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10642| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10643| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10644| [54012] Apache Tomcat up to 6.0.10 denial of service
10645| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10646| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10647| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10648| [52894] Apache Tomcat up to 6.0.7 information disclosure
10649| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10650| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10651| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10652| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10653| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10654| [52584] Apache CouchDB up to 0.10.1 information disclosure
10655| [51757] Apache HTTP Server 2.0.44 cross site scripting
10656| [51756] Apache HTTP Server 2.0.44 spoofing
10657| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10658| [51690] Apache Tomcat up to 6.0 directory traversal
10659| [51689] Apache Tomcat up to 6.0 information disclosure
10660| [51688] Apache Tomcat up to 6.0 directory traversal
10661| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10662| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10663| [50626] Apache Solr 1.0.0 cross site scripting
10664| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10665| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10666| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10667| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10668| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10669| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10670| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10671| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10672| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10673| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10674| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10675| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10676| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10677| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10678| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10679| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10680| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10681| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10682| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10683| [47214] Apachefriends xampp 1.6.8 spoofing
10684| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10685| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10686| [47065] Apache Tomcat 4.1.23 cross site scripting
10687| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10688| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10689| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10690| [86625] Apache Struts directory traversal
10691| [44461] Apache Tomcat up to 5.5.0 information disclosure
10692| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10693| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10694| [43663] Apache Tomcat up to 6.0.16 directory traversal
10695| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10696| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10697| [43516] Apache Tomcat up to 4.1.20 directory traversal
10698| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10699| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10700| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10701| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10702| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10703| [40924] Apache Tomcat up to 6.0.15 information disclosure
10704| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10705| [40922] Apache Tomcat up to 6.0 information disclosure
10706| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10707| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10708| [40656] Apache Tomcat 5.5.20 information disclosure
10709| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10710| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10711| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10712| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10713| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10714| [40234] Apache Tomcat up to 6.0.15 directory traversal
10715| [40221] Apache HTTP Server 2.2.6 information disclosure
10716| [40027] David Castro Apache Authcas 0.4 sql injection
10717| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10718| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10719| [3414] Apache Tomcat WebDAV Stored privilege escalation
10720| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10721| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10722| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10723| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10724| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10725| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10726| [38524] Apache Geronimo 2.0 unknown vulnerability
10727| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10728| [38331] Apache Tomcat 4.1.24 information disclosure
10729| [38330] Apache Tomcat 4.1.24 information disclosure
10730| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10731| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10732| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10733| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10734| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10735| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10736| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10737| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10738| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10739| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10740| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10741| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10742| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10743| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10744| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10745| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10746| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10747| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10748| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10749| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10750| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10751| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10752| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10753| [34252] Apache HTTP Server denial of service
10754| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10755| [33877] Apache Opentaps 0.9.3 cross site scripting
10756| [33876] Apache Open For Business Project unknown vulnerability
10757| [33875] Apache Open For Business Project cross site scripting
10758| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
10759| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
10760|
10761| MITRE CVE - https://cve.mitre.org:
10762| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
10763| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
10764| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
10765| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
10766| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
10767| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
10768| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
10769| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
10770| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
10771| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
10772| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
10773| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
10774| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
10775| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
10776| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
10777| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
10778| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
10779| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
10780| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
10896| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
10897| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
10898| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
10899| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
10900| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
10901| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
10902| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
10903| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
10904| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
10905| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
10906| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
10907| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
10908| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
10909| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
10910| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
10911| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
10912| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
10913| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10914| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
10915| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
10916| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
10917| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
10918| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
10919| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
10920| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
10921| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
10922| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
10923| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
10924| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
10925| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10926| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
10927| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
10928| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
10929| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
10930| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
10931| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
10932| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
10933| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
10934| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
10935| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
10936| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
10937| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
10938| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
10939| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
10940| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
10941| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10942| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
10943| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
10944| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
10945| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
10946| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
10947| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
10948| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
10949| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
10950| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
10951| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
10952| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
10953| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
10954| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
10955| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
10956| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
10957| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
10958| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
10959| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
10960| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
10961| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
10962| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
10963| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
10964| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
10965| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
10966| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
10967| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
10968| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
10969| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
10970| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
10971| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
10972| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
10973| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
10974| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
10975| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
10976| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
10977| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
10978| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
10979| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
10980| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
10981| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
10982| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10983| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
10984| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
10985| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
10986| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
10987| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
10988| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
10989| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
10990| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
10991| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
10992| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
10993| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
10994| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
10995| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
10996| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
10997| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
10998| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
10999| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
11000| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
11001| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
11002| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
11003| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
11004| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
11005| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
11006| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
11007| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
11008| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
11009| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
11010| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
11011| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
11012| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
11013| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
11014| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
11015| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
11016| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
11017| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
11018| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
11019| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
11020| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
11021| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
11022| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
11023| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
11024| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
11025| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
11026| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
11027| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
11028| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
11029| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
11030| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
11031| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11032| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
11033| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
11034| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
11035| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
11036| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
11037| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
11038| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
11039| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
11040| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
11041| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
11042| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
11043| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
11044| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
11045| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
11046| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
11047| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
11048| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
11049| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
11050| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
11051| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
11052| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
11053| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
11054| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
11055| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11056| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
11057| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
11058| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
11059| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
11060| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
11061| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
11062| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
11063| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
11064| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
11065| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
11066| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
11067| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11068| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11069| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
11070| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
11071| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
11072| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
11073| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
11074| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
11075| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
11076| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
11077| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
11078| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
11079| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
11080| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
11081| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11082| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
11083| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
11084| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
11085| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
11086| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
11087| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
11088| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
11089| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
11090| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
11091| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
11092| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
11093| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
11094| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
11095| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
11096| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
11097| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
11098| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
11099| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
11100| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
11101| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
11102| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
11103| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
11104| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
11105| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
11106| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
11107| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
11108| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
11109| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11110| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
11111| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
11112| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
11113| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
11114| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11115| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
11116| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
11117| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
11118| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
11119| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
11120| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
11121| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
11122| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
11123| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
11124| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
11125| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
11126| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
11127| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
11128| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11129| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11130| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
11131| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
11132| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
11133| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
11134| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
11135| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
11136| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
11137| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11138| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
11139| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
11140| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
11141| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
11142| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
11143| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11144| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
11145| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11146| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
11147| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
11148| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
11149| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
11150| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
11151| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
11152| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
11153| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
11154| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
11155| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
11156| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
11157| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
11158| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
11159| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
11160| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
11161| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
11162| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
11163| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
11164| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
11165| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
11166| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
11167| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
11168| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
11169| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
11170| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
11171| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
11172| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
11173| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
11174| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
11175| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
11176| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
11177| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
11178| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
11179| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
11180| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
11181| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
11182| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
11183| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
11184| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
11185| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
11186| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
11187| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
11188| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
11189| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
11190| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
11191| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
11192| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
11193| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
11194| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
11195| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
11196| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
11197| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
11198| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
11199| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
11200| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
11201| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
11202| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
11203| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
11204| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11205| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
11206| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11207| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
11208| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
11209| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
11210| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
11211| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
11212| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
11213| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
11214| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
11215| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
11216| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
11217| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
11218| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
11219| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
11220| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
11221| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
11222| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11223| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
11224| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
11225| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
11226| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
11227| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
11228| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
11229| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
11230| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
11231| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
11232| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
11233| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
11234| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
11235| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
11236| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
11237| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
11238| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
11239| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
11240| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
11241| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
11242| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
11243| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
11244| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
11245| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
11246| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
11247| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
11248| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
11249| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11250| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
11251| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
11252| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
11253| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
11254| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
11255| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
11256| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
11257| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
11258| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
11259| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
11260| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
11261| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
11262| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
11263| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
11264| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
11265| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
11266| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
11267| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
11268| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
11269| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
11270| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
11271| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
11272| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
11273| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
11274| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
11275| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
11276| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
11277| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
11278| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
11279| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
11280| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
11281| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
11282| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
11283| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
11284| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
11285| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
11286| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
11287| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
11288| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
11289| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
11290| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
11291| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
11292| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
11293| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
11294| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
11295| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
11296| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
11297| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
11298| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
11299| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
11300| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
11301| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
11302| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
11303| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
11304| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
11305| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
11306| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
11307| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
11308| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
11309| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
11310| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
11311| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
11312| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
11313| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
11314| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
11315| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
11316| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
11317| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
11318| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
11319| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
11320| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
11321| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
11322| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
11323| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
11324| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
11325| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
11326| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
11327| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
11328| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
11329| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
11330| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
11331| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
11332| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
11333| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
11334| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
11335| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
11336| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
11337| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
11338| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
11339| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
11340| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
11341| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
11342| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
11343| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
11344| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
11345| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
11346| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
11347| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
11348| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
11349| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
11350| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
11351| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
11352| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
11353| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
11354| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
11355| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
11356| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
11357| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
11358| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11359| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
11360| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
11361| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
11362| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
11363| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
11364| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
11365| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
11366| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
11367| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
11368| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
11369| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
11370| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
11371|
11372| SecurityFocus - https://www.securityfocus.com/bid/:
11373| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
11374| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
11375| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
11376| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
11377| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
11378| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
11379| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
11380| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
11381| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
11382| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
11383| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
11384| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
11385| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
11386| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
11387| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
11388| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
11389| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
11390| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
11391| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
11392| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
11393| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
11394| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
11395| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
11396| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
11397| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
11398| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
11399| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
11400| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
11401| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
11402| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
11403| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
11404| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
11405| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
11406| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
11407| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
11408| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
11409| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
11410| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
11411| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
11412| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
11413| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
11414| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
11415| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
11416| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
11417| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
11418| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
11419| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
11420| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
11421| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
11422| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
11423| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
11424| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
11425| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
11426| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
11427| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
11428| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
11429| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
11430| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
11431| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
11432| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
11433| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
11434| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
11435| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
11436| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
11437| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
11438| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
11439| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
11440| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
11441| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
11442| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
11443| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
11444| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
11445| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
11446| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
11447| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
11448| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
11449| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
11450| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
11451| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
11452| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
11453| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
11454| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11887| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11888| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11889| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11890| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
12241| [9599] Apache mod_php Global Variables Information Disclosure Weakness
12242| [9590] Apache-SSL Client Certificate Forging Vulnerability
12243| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
12244| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
12245| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
12246| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
12247| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
12248| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
12249| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
12250| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
12251| [8898] Red Hat Apache Directory Index Default Configuration Error
12252| [8883] Apache Cocoon Directory Traversal Vulnerability
12253| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
12254| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
12255| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
12256| [8707] Apache htpasswd Password Entropy Weakness
12257| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
12258| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
12259| [8226] Apache HTTP Server Multiple Vulnerabilities
12260| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
12261| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
12262| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
12263| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
12264| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
12265| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
12266| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
12267| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
12268| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
12269| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
12270| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
12271| [7255] Apache Web Server File Descriptor Leakage Vulnerability
12272| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12273| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
12274| [6939] Apache Web Server ETag Header Information Disclosure Weakness
12275| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
12276| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
12277| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
12278| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
12279| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
12280| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
12281| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
12282| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
12283| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
12284| [6117] Apache mod_php File Descriptor Leakage Vulnerability
12285| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
12286| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
12287| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
12288| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
12289| [5992] Apache HTDigest Insecure Temporary File Vulnerability
12290| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
12291| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
12292| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
12293| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
12749| [30456] Apache mod_auth_kerb off-by-one buffer overflow
12750| [29550] Apache mod_tcl set_var() format string
12751| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
12752| [28357] Apache HTTP Server mod_alias script source information disclosure
12753| [28063] Apache mod_rewrite off-by-one buffer overflow
12754| [27902] Apache Tomcat URL information disclosure
12755| [26786] Apache James SMTP server denial of service
12756| [25680] libapache2 /tmp/svn file upload
12757| [25614] Apache Struts lookupMap cross-site scripting
12758| [25613] Apache Struts ActionForm denial of service
12759| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
13167| [835253] HP-UX Update for Apache Web Server HPSBUX02645
13168| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
13169| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
13170| [835236] HP-UX Update for Apache with PHP HPSBUX02543
13171| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
13172| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
13173| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
13174| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
13175| [835188] HP-UX Update for Apache HPSBUX02308
13176| [835181] HP-UX Update for Apache With PHP HPSBUX02332
13177| [835180] HP-UX Update for Apache with PHP HPSBUX02342
13178| [835172] HP-UX Update for Apache HPSBUX02365
13179| [835168] HP-UX Update for Apache HPSBUX02313
13180| [835148] HP-UX Update for Apache HPSBUX01064
13181| [835139] HP-UX Update for Apache with PHP HPSBUX01090
13182| [835131] HP-UX Update for Apache HPSBUX00256
13183| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
13184| [835104] HP-UX Update for Apache HPSBUX00224
13185| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
13186| [835101] HP-UX Update for Apache HPSBUX01232
13187| [835080] HP-UX Update for Apache HPSBUX02273
13188| [835078] HP-UX Update for ApacheStrong HPSBUX00255
13189| [835044] HP-UX Update for Apache HPSBUX01019
13190| [835040] HP-UX Update for Apache PHP HPSBUX00207
13191| [835025] HP-UX Update for Apache HPSBUX00197
13192| [835023] HP-UX Update for Apache HPSBUX01022
13193| [835022] HP-UX Update for Apache HPSBUX02292
13194| [835005] HP-UX Update for Apache HPSBUX02262
13195| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
13196| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
13197| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
13198| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
13199| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
13200| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
13201| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
13202| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
13203| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
13204| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
13205| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
13206| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
13207| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
13208| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
13209| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
13210| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
13211| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
13212| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
13213| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
13214| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
13215| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
13216| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
13217| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
13218| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
13219| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
13220| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
13221| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
13222| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
13223| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
13224| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
13225| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
13226| [801942] Apache Archiva Multiple Vulnerabilities
13227| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
13228| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
13229| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
13230| [801284] Apache Derby Information Disclosure Vulnerability
13231| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
13232| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
13233| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
13234| [800680] Apache APR Version Detection
13235| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
13236| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
13237| [800677] Apache Roller Version Detection
13238| [800279] Apache mod_jk Module Version Detection
13239| [800278] Apache Struts Cross Site Scripting Vulnerability
13240| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
13241| [800276] Apache Struts Version Detection
13242| [800271] Apache Struts Directory Traversal Vulnerability
13243| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
13244| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
13245| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
13246| [103122] Apache Web Server ETag Header Information Disclosure Weakness
13247| [103074] Apache Continuum Cross Site Scripting Vulnerability
13248| [103073] Apache Continuum Detection
13249| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
13250| [101023] Apache Open For Business Weak Password security check
13251| [101020] Apache Open For Business HTML injection vulnerability
13252| [101019] Apache Open For Business service detection
13253| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
13254| [100923] Apache Archiva Detection
13255| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
13256| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
13257| [100813] Apache Axis2 Detection
13258| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
13259| [100795] Apache Derby Detection
13260| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
13261| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
13262| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
13263| [100514] Apache Multiple Security Vulnerabilities
13264| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
13265| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
13266| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
13267| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13268| [72626] Debian Security Advisory DSA 2579-1 (apache2)
13269| [72612] FreeBSD Ports: apache22
13270| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
13271| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
13272| [71512] FreeBSD Ports: apache
13273| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
13274| [71256] Debian Security Advisory DSA 2452-1 (apache2)
13275| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
13276| [70737] FreeBSD Ports: apache
13277| [70724] Debian Security Advisory DSA 2405-1 (apache2)
13278| [70600] FreeBSD Ports: apache
13279| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
13280| [70235] Debian Security Advisory DSA 2298-2 (apache2)
13281| [70233] Debian Security Advisory DSA 2298-1 (apache2)
13282| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
13283| [69338] Debian Security Advisory DSA 2202-1 (apache2)
13284| [67868] FreeBSD Ports: apache
13285| [66816] FreeBSD Ports: apache
13286| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
13287| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
13288| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
13289| [66081] SLES11: Security update for Apache 2
13290| [66074] SLES10: Security update for Apache 2
13291| [66070] SLES9: Security update for Apache 2
13292| [65998] SLES10: Security update for apache2-mod_python
13293| [65893] SLES10: Security update for Apache 2
13294| [65888] SLES10: Security update for Apache 2
13295| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
13296| [65510] SLES9: Security update for Apache 2
13297| [65472] SLES9: Security update for Apache
13298| [65467] SLES9: Security update for Apache
13299| [65450] SLES9: Security update for apache2
13300| [65390] SLES9: Security update for Apache2
13301| [65363] SLES9: Security update for Apache2
13302| [65309] SLES9: Security update for Apache and mod_ssl
13303| [65296] SLES9: Security update for webdav apache module
13304| [65283] SLES9: Security update for Apache2
13305| [65249] SLES9: Security update for Apache 2
13306| [65230] SLES9: Security update for Apache 2
13307| [65228] SLES9: Security update for Apache 2
13308| [65212] SLES9: Security update for apache2-mod_python
13309| [65209] SLES9: Security update for apache2-worker
13310| [65207] SLES9: Security update for Apache 2
13311| [65168] SLES9: Security update for apache2-mod_python
13312| [65142] SLES9: Security update for Apache2
13313| [65136] SLES9: Security update for Apache 2
13314| [65132] SLES9: Security update for apache
13315| [65131] SLES9: Security update for Apache 2 oes/CORE
13316| [65113] SLES9: Security update for apache2
13317| [65072] SLES9: Security update for apache and mod_ssl
13318| [65017] SLES9: Security update for Apache 2
13319| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
13320| [64783] FreeBSD Ports: apache
13321| [64774] Ubuntu USN-802-2 (apache2)
13322| [64653] Ubuntu USN-813-2 (apache2)
13323| [64559] Debian Security Advisory DSA 1834-2 (apache2)
13324| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
13325| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
13326| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
13327| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
13328| [64443] Ubuntu USN-802-1 (apache2)
13329| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
13330| [64423] Debian Security Advisory DSA 1834-1 (apache2)
13331| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
13332| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
13333| [64251] Debian Security Advisory DSA 1816-1 (apache2)
13334| [64201] Ubuntu USN-787-1 (apache2)
13335| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
13336| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
13337| [63565] FreeBSD Ports: apache
13338| [63562] Ubuntu USN-731-1 (apache2)
13339| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
13340| [61185] FreeBSD Ports: apache
13341| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
13342| [60387] Slackware Advisory SSA:2008-045-02 apache
13343| [58826] FreeBSD Ports: apache-tomcat
13344| [58825] FreeBSD Ports: apache-tomcat
13345| [58804] FreeBSD Ports: apache
13346| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
13347| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
13348| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
13349| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
13350| [57335] Debian Security Advisory DSA 1167-1 (apache)
13351| [57201] Debian Security Advisory DSA 1131-1 (apache)
13352| [57200] Debian Security Advisory DSA 1132-1 (apache2)
13353| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
13354| [57145] FreeBSD Ports: apache
13355| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
13356| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
13357| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
13358| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
13359| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
13360| [56067] FreeBSD Ports: apache
13361| [55803] Slackware Advisory SSA:2005-310-04 apache
13362| [55519] Debian Security Advisory DSA 839-1 (apachetop)
13363| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
13364| [55355] FreeBSD Ports: apache
13365| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
13366| [55261] Debian Security Advisory DSA 805-1 (apache2)
13367| [55259] Debian Security Advisory DSA 803-1 (apache)
13368| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
13369| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
13370| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
13371| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
13372| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
13373| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
13374| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
13375| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
13376| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
13377| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
13378| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
13379| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
13380| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
13381| [54439] FreeBSD Ports: apache
13382| [53931] Slackware Advisory SSA:2004-133-01 apache
13383| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
13384| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
13385| [53878] Slackware Advisory SSA:2003-308-01 apache security update
13386| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
13387| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
13388| [53848] Debian Security Advisory DSA 131-1 (apache)
13389| [53784] Debian Security Advisory DSA 021-1 (apache)
13390| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
13391| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
13392| [53735] Debian Security Advisory DSA 187-1 (apache)
13393| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
13394| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
13395| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
13396| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
13397| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
13398| [53282] Debian Security Advisory DSA 594-1 (apache)
13399| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
13400| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
13401| [53215] Debian Security Advisory DSA 525-1 (apache)
13402| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
13403| [52529] FreeBSD Ports: apache+ssl
13404| [52501] FreeBSD Ports: apache
13405| [52461] FreeBSD Ports: apache
13406| [52390] FreeBSD Ports: apache
13407| [52389] FreeBSD Ports: apache
13408| [52388] FreeBSD Ports: apache
13409| [52383] FreeBSD Ports: apache
13410| [52339] FreeBSD Ports: apache+mod_ssl
13411| [52331] FreeBSD Ports: apache
13412| [52329] FreeBSD Ports: ru-apache+mod_ssl
13413| [52314] FreeBSD Ports: apache
13414| [52310] FreeBSD Ports: apache
13415| [15588] Detect Apache HTTPS
13416| [15555] Apache mod_proxy content-length buffer overflow
13417| [15554] Apache mod_include priviledge escalation
13418| [14771] Apache <= 1.3.33 htpasswd local overflow
13419| [14177] Apache mod_access rule bypass
13420| [13644] Apache mod_rootme Backdoor
13421| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
13422| [12280] Apache Connection Blocking Denial of Service
13423| [12239] Apache Error Log Escape Sequence Injection
13424| [12123] Apache Tomcat source.jsp malformed request information disclosure
13425| [12085] Apache Tomcat servlet/JSP container default files
13426| [11438] Apache Tomcat Directory Listing and File disclosure
13427| [11204] Apache Tomcat Default Accounts
13428| [11092] Apache 2.0.39 Win32 directory traversal
13429| [11046] Apache Tomcat TroubleShooter Servlet Installed
13430| [11042] Apache Tomcat DOS Device Name XSS
13431| [11041] Apache Tomcat /servlet Cross Site Scripting
13432| [10938] Apache Remote Command Execution via .bat files
13433| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
13434| [10773] MacOS X Finder reveals contents of Apache Web files
13435| [10766] Apache UserDir Sensitive Information Disclosure
13436| [10756] MacOS X Finder reveals contents of Apache Web directories
13437| [10752] Apache Auth Module SQL Insertion Attack
13438| [10704] Apache Directory Listing
13439| [10678] Apache /server-info accessible
13440| [10677] Apache /server-status accessible
13441| [10440] Check for Apache Multiple / vulnerability
13442|
13443| SecurityTracker - https://www.securitytracker.com:
13444| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
13445| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13446| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
13447| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
13448| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13449| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13450| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13451| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
13452| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
13453| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
13454| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
13455| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
13456| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
13457| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
13458| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
13459| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
13460| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
13461| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
13462| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
13463| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
13464| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
13465| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
13466| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
13467| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
13468| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
13469| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13470| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
13471| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
13472| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
13473| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
13474| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
13475| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
13476| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13477| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13478| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13479| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13480| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13481| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13482| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13483| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13484| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13485| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13486| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13487| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13488| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13489| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13490| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13491| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13492| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13493| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13494| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13495| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13496| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13497| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13498| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13499| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13500| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13501| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13502| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13503| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13504| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13505| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13506| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13507| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13508| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13509| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13510| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13511| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13512| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13513| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13514| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13515| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13516| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13517| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13518| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13519| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13520| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13521| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13522| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13523| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13524| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13525| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13526| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13527| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13528| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13529| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13530| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13531| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13532| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
13533| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
13534| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
13535| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
13536| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
13537| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
13538| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
13539| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
13540| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
13541| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
13542| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
13543| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
13544| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
13545| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
13546| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
13547| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
13548| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
13549| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
13550| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
13551| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
13552| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
13553| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
13554| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
13555| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
13556| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13557| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13558| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13559| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13560| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13561| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13562| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13563| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13564| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13565| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13566| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13567| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13568| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13569| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13570| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13571| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13572| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13573| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13574| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13575| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13576| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13577| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13578| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13579| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13580| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13581| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13582| [1008920] Apache mod_digest May Validate Replayed Client Responses
13583| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13584| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13585| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13586| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13587| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13588| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13589| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13590| [1008029] Apache mod_alias Contains a Buffer Overflow
13591| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13592| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13593| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13594| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13595| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13596| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13597| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13598| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13599| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13600| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13601| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13602| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13603| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13604| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13605| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13606| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13607| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13608| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13609| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13610| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13611| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13612| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13613| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13614| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13615| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13616| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13617| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13618| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13619| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13620| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13621| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13622| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13623| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13624| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13625| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13626| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13627| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13628| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13629| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13630| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13631| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13632| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13633| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13634| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13635| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13636| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13637| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13638| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13639| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13640| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13641| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13642| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13643| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13644| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13645| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13646| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13647|
13648| OSVDB - http://www.osvdb.org:
13649| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13650| [96077] Apache CloudStack Global Settings Multiple Field XSS
13651| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13652| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13653| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13654| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13655| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13656| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13657| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13658| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13659| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13660| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13661| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13662| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13663| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13664| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13665| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13666| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13667| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13668| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13669| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13670| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13671| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13672| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13673| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13674| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13675| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
13676| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
13677| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
13678| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
13679| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
13680| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
13681| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
13682| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
13683| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
13684| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
13685| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
13686| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
13687| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
13688| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
13689| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
13690| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
13691| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
13692| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
13693| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
13694| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
13695| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
13696| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
13697| [94279] Apache Qpid CA Certificate Validation Bypass
13698| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
13699| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
13700| [94042] Apache Axis JAX-WS Java Unspecified Exposure
13701| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
13702| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
13703| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
13704| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
13705| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
13706| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
13707| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
13708| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
13709| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
13710| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
13711| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
13712| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
13713| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
13714| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
13715| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
13716| [93541] Apache Solr json.wrf Callback XSS
13717| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
13718| [93521] Apache jUDDI Security API Token Session Persistence Weakness
13719| [93520] Apache CloudStack Default SSL Key Weakness
13720| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
13721| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
13722| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
13723| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
13724| [93515] Apache HBase table.jsp name Parameter XSS
13725| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
13726| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
13727| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
13728| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
13729| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
13730| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
13731| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
13732| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
13733| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
13734| [93252] Apache Tomcat FORM Authenticator Session Fixation
13735| [93172] Apache Camel camel/endpoints/ Endpoint XSS
13736| [93171] Apache Sling HtmlResponse Error Message XSS
13737| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
13738| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
13739| [93168] Apache Click ErrorReport.java id Parameter XSS
13740| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
13741| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
13742| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
13743| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
13744| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
13745| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
13746| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
13747| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
13748| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
13749| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
13750| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
13751| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
13752| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
13753| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
13754| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
13755| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
13756| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
13757| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
13758| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
13759| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
13760| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
13761| [93144] Apache Solr Admin Command Execution CSRF
13762| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
13763| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
13764| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
13765| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
13766| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
13767| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
13768| [92748] Apache CloudStack VM Console Access Restriction Bypass
13769| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
13770| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
13771| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
13772| [92706] Apache ActiveMQ Debug Log Rendering XSS
13773| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
13774| [92270] Apache Tomcat Unspecified CSRF
13775| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
13776| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
13777| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
13778| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
13779| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
13780| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
13781| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
13782| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
13783| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
13784| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
13785| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
13786| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
13787| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
13788| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
13789| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
13790| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
13791| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
13792| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
13793| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
13794| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
13795| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
13796| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
13797| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
13798| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
13799| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
13800| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
13801| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
13802| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
13803| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
13804| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
13805| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
13806| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
13807| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
13808| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
13809| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
13810| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
13811| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
13812| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
13813| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
13814| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
13815| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
13816| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
13817| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
13818| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
13819| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
13820| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
13821| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
13822| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
13823| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
13824| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
13825| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
13826| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
13827| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
13828| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
13829| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
13830| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
13831| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
13832| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
13833| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
13834| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
13835| [86901] Apache Tomcat Error Message Path Disclosure
13836| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
13837| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
13838| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
13839| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
13840| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
13841| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
13842| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
13843| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
13844| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
13845| [85430] Apache mod_pagespeed Module Unspecified XSS
13846| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
13847| [85249] Apache Wicket Unspecified XSS
13848| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
13849| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
13850| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
13851| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
13852| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
13853| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
13854| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
13855| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
13856| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
13857| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
13858| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
13859| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
13860| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
13861| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
13862| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
13863| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
13864| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
13865| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
13866| [83339] Apache Roller Blogger Roll Unspecified XSS
13867| [83270] Apache Roller Unspecified Admin Action CSRF
13868| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
13869| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
13870| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
13871| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
13872| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
13873| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
13874| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
13875| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
13876| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
13877| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
13878| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
13879| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
13880| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
13881| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
13882| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
13883| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
13884| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
13885| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
13886| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
13887| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
13888| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
13889| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
13890| [80300] Apache Wicket wicket:pageMapName Parameter XSS
13891| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
13892| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
13893| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
13894| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
13895| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
13896| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
13897| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
13898| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
13899| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
13900| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
13901| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
13902| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
13903| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
13904| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
13905| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
13906| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
13907| [78331] Apache Tomcat Request Object Recycling Information Disclosure
13908| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
13909| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
13910| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
13911| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
13912| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
13913| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
13914| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
13915| [77593] Apache Struts Conversion Error OGNL Expression Injection
13916| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
13917| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
13918| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
13919| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
13920| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
13921| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
13922| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
13923| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
13924| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
13925| [76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
13926| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
13927| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
13928| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
13929| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
13930| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
13931| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
13932| [74725] Apache Wicket Multi Window Support Unspecified XSS
13933| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
13934| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
13935| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
13936| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
13937| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
13938| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
13939| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
13940| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
13941| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
13942| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
13943| [73644] Apache XML Security Signature Key Parsing Overflow DoS
13944| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
13945| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
13946| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
13947| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
13948| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
13949| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
13950| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
13951| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
13952| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
13953| [73154] Apache Archiva Multiple Unspecified CSRF
13954| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
13955| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
13956| [72238] Apache Struts Action / Method Names <
13957| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
13958| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
13959| [71557] Apache Tomcat HTML Manager Multiple XSS
13960| [71075] Apache Archiva User Management Page XSS
13961| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
13962| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
13963| [70924] Apache Continuum Multiple Admin Function CSRF
13964| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
13965| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
13966| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
13967| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
13968| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
13969| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
13970| [69520] Apache Archiva Administrator Credential Manipulation CSRF
13971| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
13972| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
13973| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
13974| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
13975| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
13976| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
13977| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
13978| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
13979| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
13980| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
13981| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
13982| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
13983| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
13984| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
13985| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
13986| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
13987| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
13988| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
13989| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
13990| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
13991| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
13992| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
13993| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
13994| [65054] Apache ActiveMQ Jetty Error Handler XSS
13995| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
13996| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
13997| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
13998| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
13999| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
14000| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
14001| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
14002| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
14003| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
14004| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
14005| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
14006| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
14007| [63895] Apache HTTP Server mod_headers Unspecified Issue
14008| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
14009| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
14010| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
14011| [63140] Apache Thrift Service Malformed Data Remote DoS
14012| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
14013| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
14014| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
14015| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
14016| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
14017| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
14018| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
14019| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
14020| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
14021| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
14022| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
14023| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
14024| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
14025| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
14026| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
14027| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
14028| [60678] Apache Roller Comment Email Notification Manipulation DoS
14029| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
14030| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
14031| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
14032| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
14033| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
14034| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
14035| [60232] PHP on Apache php.exe Direct Request Remote DoS
14036| [60176] Apache Tomcat Windows Installer Admin Default Password
14037| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
14038| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
14039| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
14040| [59944] Apache Hadoop jobhistory.jsp XSS
14041| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
14042| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
14043| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
14044| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
14045| [59019] Apache mod_python Cookie Salting Weakness
14046| [59018] Apache Harmony Error Message Handling Overflow
14047| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
14048| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
14049| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
14050| [59010] Apache Solr get-file.jsp XSS
14051| [59009] Apache Solr action.jsp XSS
14052| [59008] Apache Solr analysis.jsp XSS
14053| [59007] Apache Solr schema.jsp Multiple Parameter XSS
14054| [59006] Apache Beehive select / checkbox Tag XSS
14055| [59005] Apache Beehive jpfScopeID Global Parameter XSS
14056| [59004] Apache Beehive Error Message XSS
14057| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
14058| [59002] Apache Jetspeed default-page.psml URI XSS
14059| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
14060| [59000] Apache CXF Unsigned Message Policy Bypass
14061| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
14062| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
14063| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
14064| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
14065| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
14066| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
14067| [58993] Apache Hadoop browseBlock.jsp XSS
14068| [58991] Apache Hadoop browseDirectory.jsp XSS
14069| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
14070| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
14071| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
14072| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
14073| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
14074| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
14075| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
14076| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
14077| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
14078| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
14079| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
14080| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
14081| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
14082| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
14083| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
14084| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
14085| [58974] Apache Sling /apps Script User Session Management Access Weakness
14086| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
14087| [58931] Apache Geronimo Cookie Parameters Validation Weakness
14088| [58930] Apache Xalan-C++ XPath Handling Remote DoS
14089| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
14090| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
14091| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
14092| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
14093| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
14094| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
14095| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
14096| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
14097| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
14098| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
14099| [58805] Apache Derby Unauthenticated Database / Admin Access
14100| [58804] Apache Wicket Header Contribution Unspecified Issue
14101| [58803] Apache Wicket Session Fixation
14102| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
14103| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
14104| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
14105| [58799] Apache Tapestry Logging Cleartext Password Disclosure
14106| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
14107| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
14108| [58796] Apache Jetspeed Unsalted Password Storage Weakness
14109| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
14110| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
14111| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
14112| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
14113| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
14114| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
14115| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
14116| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
14117| [58775] Apache JSPWiki preview.jsp action Parameter XSS
14118| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
14119| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
14120| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
14121| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
14122| [58770] Apache JSPWiki Group.jsp group Parameter XSS
14123| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
14124| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
14125| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
14126| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
14127| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
14128| [58763] Apache JSPWiki Include Tag Multiple Script XSS
14129| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
14130| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
14131| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
14132| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
14133| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
14134| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
14135| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
14136| [58755] Apache Harmony DRLVM Non-public Class Member Access
14137| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
14138| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
14139| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
14140| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
14141| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
14142| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
14143| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
14144| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
14145| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
14146| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
14147| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
14148| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
14149| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
14150| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
14151| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
14152| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
14153| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
14154| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
14155| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
14156| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
14157| [58725] Apache Tapestry Basic String ACL Bypass Weakness
14158| [58724] Apache Roller Logout Functionality Failure Session Persistence
14159| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
14160| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
14161| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
14162| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
14163| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
14164| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
14165| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
14166| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
14167| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
14168| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
14169| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
14170| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
14171| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
14172| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
14173| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
14174| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
14175| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
14176| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
14177| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
14178| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
14179| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
14180| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
14181| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
14182| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
14183| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
14184| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
14185| [58687] Apache Axis Invalid wsdl Request XSS
14186| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
14187| [58685] Apache Velocity Template Designer Privileged Code Execution
14188| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
14189| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
14190| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
14191| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
14192| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
14193| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
14194| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
14195| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
14196| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
14197| [58667] Apache Roller Database Cleartext Passwords Disclosure
14198| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
14199| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
14200| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
14201| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
14202| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
14203| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
14204| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
14205| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
14206| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
14207| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
14208| [56984] Apache Xerces2 Java Malformed XML Input DoS
14209| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
14210| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
14211| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
14212| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
14213| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
14214| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
14215| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
14216| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
14217| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
14218| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
14219| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
14220| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
14221| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
14222| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
14223| [55056] Apache Tomcat Cross-application TLD File Manipulation
14224| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
14225| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
14226| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
14227| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
14228| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
14229| [54589] Apache Jserv Nonexistent JSP Request XSS
14230| [54122] Apache Struts s:a / s:url Tag href Element XSS
14231| [54093] Apache ActiveMQ Web Console JMS Message XSS
14232| [53932] Apache Geronimo Multiple Admin Function CSRF
14233| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
14234| [53930] Apache Geronimo /console/portal/ URI XSS
14235| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
14236| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
14237| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
14238| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
14239| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
14240| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
14241| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
14242| [53380] Apache Struts Unspecified XSS
14243| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
14244| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
14245| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
14246| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
14247| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
14248| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
14249| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
14250| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
14251| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
14252| [51151] Apache Roller Search Function q Parameter XSS
14253| [50482] PHP with Apache php_value Order Unspecified Issue
14254| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
14255| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
14256| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
14257| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
14258| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
14259| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
14260| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
14261| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
14262| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
14263| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
14264| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
14265| [47096] Oracle Weblogic Apache Connector POST Request Overflow
14266| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
14267| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
14268| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
14269| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
14270| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
14271| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
14272| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
14273| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
14274| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
14275| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
14276| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
14277| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
14278| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
14279| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
14280| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
14281| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
14282| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
14283| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
14284| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
14285| [43452] Apache Tomcat HTTP Request Smuggling
14286| [43309] Apache Geronimo LoginModule Login Method Bypass
14287| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
14288| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
14289| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
14290| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
14291| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
14292| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
14293| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
14294| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
14295| [42091] Apache Maven Site Plugin Installation Permission Weakness
14296| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
14297| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
14298| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
14299| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
14300| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
14301| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
14302| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
14303| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
14304| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
14305| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
14306| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
14307| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
14308| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
14309| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
14310| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
14311| [40262] Apache HTTP Server mod_status refresh XSS
14312| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
14313| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
14314| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
14315| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
14316| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
14317| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
14318| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
14319| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
14320| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
14321| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
14322| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
14323| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
14324| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
14325| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
14326| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
14327| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
14328| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
14329| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
14330| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
14331| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
14332| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
14333| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
14334| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
14335| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
14336| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
14337| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
14338| [36080] Apache Tomcat JSP Examples Crafted URI XSS
14339| [36079] Apache Tomcat Manager Uploaded Filename XSS
14340| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
14341| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
14342| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
14343| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
14344| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
14345| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
14346| [34881] Apache Tomcat Malformed Accept-Language Header XSS
14347| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
14348| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
14349| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
14350| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
14351| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
14352| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
14353| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
14354| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
14355| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
14356| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
14357| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
14358| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
14359| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
14360| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
14361| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
14362| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
14363| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
14364| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
14365| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
14366| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
14367| [32724] Apache mod_python _filter_read Freed Memory Disclosure
14368| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
14369| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
14370| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
14371| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
14372| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
14373| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
14374| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
14375| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
14376| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
14377| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
14378| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
14379| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
14380| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
14381| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
14382| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
14383| [24365] Apache Struts Multiple Function Error Message XSS
14384| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
14385| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
14386| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
14387| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
14388| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
14389| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
14390| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
14391| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
14392| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
14393| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
14394| [22459] Apache Geronimo Error Page XSS
14395| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
14396| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
14397| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
14398| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
14399| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
14400| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
14401| [21021] Apache Struts Error Message XSS
14402| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
14403| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
14404| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
14405| [20439] Apache Tomcat Directory Listing Saturation DoS
14406| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
14407| [20285] Apache HTTP Server Log File Control Character Injection
14408| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
14409| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
14410| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
14411| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
14412| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
14413| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
14414| [19821] Apache Tomcat Malformed Post Request Information Disclosure
14415| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
14416| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
14417| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
14418| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
14419| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
14420| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
14421| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
14422| [18233] Apache HTTP Server htdigest user Variable Overfow
14423| [17738] Apache HTTP Server HTTP Request Smuggling
14424| [16586] Apache HTTP Server Win32 GET Overflow DoS
14425| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
14426| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
14427| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
14428| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
14429| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
14430| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
14431| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
14432| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
14433| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
14434| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
14435| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
14436| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
14437| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
14438| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
14439| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
14440| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
14441| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
14442| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
14443| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
14444| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
14445| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
14446| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
14447| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
14448| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
14449| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
14450| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
14451| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
14452| [13304] Apache Tomcat realPath.jsp Path Disclosure
14453| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
14454| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
14455| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
14456| [12848] Apache HTTP Server htdigest realm Variable Overflow
14457| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
14458| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
14459| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
14460| [12557] Apache HTTP Server prefork MPM accept Error DoS
14461| [12233] Apache Tomcat MS-DOS Device Name Request DoS
14462| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
14463| [12231] Apache Tomcat web.xml Arbitrary File Access
14464| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
14465| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
14466| [12178] Apache Jakarta Lucene results.jsp XSS
14467| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
14468| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
14469| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
14470| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
14471| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
14472| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
14473| [10471] Apache Xerces-C++ XML Parser DoS
14474| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
14475| [10068] Apache HTTP Server htpasswd Local Overflow
14476| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14477| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14478| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14479| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14480| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14481| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14482| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14483| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14484| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14485| [9714] Apache Authentication Module Threaded MPM DoS
14486| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14487| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14488| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14489| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14490| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14491| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14492| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14493| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14494| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14495| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14496| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14497| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14498| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14499| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14500| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14501| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14502| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14503| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14504| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14505| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14506| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14507| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14508| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14509| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14510| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14511| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14512| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14513| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14514| [9208] Apache Tomcat .jsp Encoded Newline XSS
14515| [9204] Apache Tomcat ROOT Application XSS
14516| [9203] Apache Tomcat examples Application XSS
14517| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14518| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14519| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14520| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14521| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14522| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14523| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14524| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14525| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14526| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14527| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14528| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14529| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14530| [7611] Apache HTTP Server mod_alias Local Overflow
14531| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14532| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14533| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14534| [6882] Apache mod_python Malformed Query String Variant DoS
14535| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14536| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14537| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14538| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14539| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14540| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14541| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14542| [5278] Apache Tomcat web.xml Restriction Bypass
14543| [5051] Apache Tomcat Null Character DoS
14544| [4973] Apache Tomcat servlet Mapping XSS
14545| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14546| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14547| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14548| [4568] mod_survey For Apache ENV Tags SQL Injection
14549| [4553] Apache HTTP Server ApacheBench Overflow DoS
14550| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14551| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14552| [4383] Apache HTTP Server Socket Race Condition DoS
14553| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14554| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14555| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14556| [4231] Apache Cocoon Error Page Server Path Disclosure
14557| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14558| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14559| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14560| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14561| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14562| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14563| [3322] mod_php for Apache HTTP Server Process Hijack
14564| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14565| [2885] Apache mod_python Malformed Query String DoS
14566| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14567| [2733] Apache HTTP Server mod_rewrite Local Overflow
14568| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14569| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14570| [2149] Apache::Gallery Privilege Escalation
14571| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14572| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14573| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14574| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14575| [872] Apache Tomcat Multiple Default Accounts
14576| [862] Apache HTTP Server SSI Error Page XSS
14577| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14578| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14579| [845] Apache Tomcat MSDOS Device XSS
14580| [844] Apache Tomcat Java Servlet Error Page XSS
14581| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14582| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14583| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14584| [775] Apache mod_python Module Importing Privilege Function Execution
14585| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14586| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14587| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14588| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14589| [637] Apache HTTP Server UserDir Directive Username Enumeration
14590| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14591| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14592| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14593| [561] Apache Web Servers mod_status /server-status Information Disclosure
14594| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14595| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14596| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14597| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14598| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14599| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14600| [376] Apache Tomcat contextAdmin Arbitrary File Access
14601| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14602| [222] Apache HTTP Server test-cgi Arbitrary File Access
14603| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14604| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14605|_
465/tcp open ssl/smtp Exim smtpd 4.92
14607| vulscan: VulDB - https://vuldb.com:
14608| [141327] Exim up to 4.92.1 Backslash privilege escalation
14609| [138827] Exim up to 4.92 Expansion Code Execution
14610| [135932] Exim up to 4.92 privilege escalation
14611| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14612|
14613| MITRE CVE - https://cve.mitre.org:
14614| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14615| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14616| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14617| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14618| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14619| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14620| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14621| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14622| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14623| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14624| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14625| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14626| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14627| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14628| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14629| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14630|
14631| SecurityFocus - https://www.securityfocus.com/bid/:
14632| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14633| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14634| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14635| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14636| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14637| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14638| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14639| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14640| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14641| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14642| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14643| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14644| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14645| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14646| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14647| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14648| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14649| [17110] sa-exim Unauthorized File Access Vulnerability
14650| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14651| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14652| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14653| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14654| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14655| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14656| [6314] Exim Internet Mailer Format String Vulnerability
14657| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14658| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14659| [2828] Exim Format String Vulnerability
14660| [1859] Exim Buffer Overflow Vulnerability
14661|
14662| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14663| [84758] Exim sender_address parameter command execution
14664| [84015] Exim command execution
14665| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14666| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14667| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14668| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14669| [67455] Exim DKIM processing code execution
14670| [67299] Exim dkim_exim_verify_finish() format string
14671| [65028] Exim open_log privilege escalation
14672| [63967] Exim config file privilege escalation
14673| [63960] Exim header buffer overflow
14674| [59043] Exim mail directory privilege escalation
14675| [59042] Exim MBX symlink
14676| [52922] ikiwiki teximg plugin information disclosure
14677| [34265] Exim spamd buffer overflow
14678| [25286] Sa-exim greylistclean.cron file deletion
14679| [22687] RHSA-2005:025 updates for exim not installed
14680| [18901] Exim dns_build_reverse buffer overflow
14681| [18764] Exim spa_base64_to_bits function buffer overflow
14682| [18763] Exim host_aton buffer overflow
14683| [16079] Exim require_verify buffer overflow
14684| [16077] Exim header_check_syntax buffer overflow
14685| [16075] Exim sender_verify buffer overflow
14686| [13067] Exim HELO or EHLO command heap overflow
14687| [10761] Exim daemon.c format string
14688| [8194] Exim configuration file -c command-line argument buffer overflow
14689| [7738] Exim allows attacker to hide commands in localhost names using pipes
14690| [6671] Exim "
14691| [1893] Exim MTA allows local users to gain root privileges
14692|
14693| Exploit-DB - https://www.exploit-db.com:
14694| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14695| [15725] Exim 4.63 Remote Root Exploit
14696| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14697| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14698| [796] Exim <= 4.42 Local Root Exploit
14699| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14700|
14701| OpenVAS (Nessus) - http://www.openvas.org:
14702| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14703|
14704| SecurityTracker - https://www.securitytracker.com:
14705| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14706| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14707| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14708| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14709| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14710| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14711| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14712| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14713| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14714| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14715| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14716| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14717|
14718| OSVDB - http://www.osvdb.org:
14719| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14720| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14721| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14722| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14723| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14724| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14725| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14726| [70696] Exim log.c open_log() Function Local Privilege Escalation
14727| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14728| [69685] Exim string_format Function Remote Overflow
14729| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14730| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14731| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14732| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14733| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14734| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14735| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14736| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14737| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14738| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14739| [10032] libXpm CreateXImage Function Integer Overflow
14740| [7160] Exim .forward :include: Option Privilege Escalation
14741| [6479] Vexim COOKIE Authentication Credential Disclosure
14742| [6478] Vexim Multiple Parameter SQL Injection
14743| [5930] Exim Parenthesis File Name Filter Bypass
14744| [5897] Exim header_syntax Function Remote Overflow
14745| [5896] Exim sender_verify Function Remote Overflow
14746| [5530] Exim Localhost Name Arbitrary Command Execution
14747| [5330] Exim Configuration File Variable Overflow
14748| [1855] Exim Batched SMTP Mail Header Format String
14749|_
587/tcp open smtp Exim smtpd 4.92
14751| vulscan: VulDB - https://vuldb.com:
14752| [141327] Exim up to 4.92.1 Backslash privilege escalation
14753| [138827] Exim up to 4.92 Expansion Code Execution
14754| [135932] Exim up to 4.92 privilege escalation
14755| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14756|
14757| MITRE CVE - https://cve.mitre.org:
14758| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14759| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14760| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14761| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14762| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14763| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14764| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14765| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14766| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14767| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14768| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14769| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14770| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14771| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14772| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14773| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14774|
14775| SecurityFocus - https://www.securityfocus.com/bid/:
14776| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14777| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14778| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14779| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14780| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14781| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14782| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14783| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14784| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14785| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14786| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14787| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14788| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14789| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14790| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14791| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14792| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14793| [17110] sa-exim Unauthorized File Access Vulnerability
14794| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14795| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14796| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14797| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14798| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14799| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14800| [6314] Exim Internet Mailer Format String Vulnerability
14801| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14802| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14803| [2828] Exim Format String Vulnerability
14804| [1859] Exim Buffer Overflow Vulnerability
14805|
14806| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14807| [84758] Exim sender_address parameter command execution
14808| [84015] Exim command execution
14809| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14810| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14811| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14812| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14813| [67455] Exim DKIM processing code execution
14814| [67299] Exim dkim_exim_verify_finish() format string
14815| [65028] Exim open_log privilege escalation
14816| [63967] Exim config file privilege escalation
14817| [63960] Exim header buffer overflow
14818| [59043] Exim mail directory privilege escalation
14819| [59042] Exim MBX symlink
14820| [52922] ikiwiki teximg plugin information disclosure
14821| [34265] Exim spamd buffer overflow
14822| [25286] Sa-exim greylistclean.cron file deletion
14823| [22687] RHSA-2005:025 updates for exim not installed
14824| [18901] Exim dns_build_reverse buffer overflow
14825| [18764] Exim spa_base64_to_bits function buffer overflow
14826| [18763] Exim host_aton buffer overflow
14827| [16079] Exim require_verify buffer overflow
14828| [16077] Exim header_check_syntax buffer overflow
14829| [16075] Exim sender_verify buffer overflow
14830| [13067] Exim HELO or EHLO command heap overflow
14831| [10761] Exim daemon.c format string
14832| [8194] Exim configuration file -c command-line argument buffer overflow
14833| [7738] Exim allows attacker to hide commands in localhost names using pipes
14834| [6671] Exim "
14835| [1893] Exim MTA allows local users to gain root privileges
14836|
14837| Exploit-DB - https://www.exploit-db.com:
14838| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14839| [15725] Exim 4.63 Remote Root Exploit
14840| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14841| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14842| [796] Exim <= 4.42 Local Root Exploit
14843| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14844|
14845| OpenVAS (Nessus) - http://www.openvas.org:
14846| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14847|
14848| SecurityTracker - https://www.securitytracker.com:
14849| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14850| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14851| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14852| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14853| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14854| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14855| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14856| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14857| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14858| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14859| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14860| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14861|
14862| OSVDB - http://www.osvdb.org:
14863| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14864| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14865| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14866| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14867| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14868| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14869| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14870| [70696] Exim log.c open_log() Function Local Privilege Escalation
14871| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14872| [69685] Exim string_format Function Remote Overflow
14873| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14874| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14875| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14876| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14877| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14878| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14879| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14880| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14881| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14882| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14883| [10032] libXpm CreateXImage Function Integer Overflow
14884| [7160] Exim .forward :include: Option Privilege Escalation
14885| [6479] Vexim COOKIE Authentication Credential Disclosure
14886| [6478] Vexim Multiple Parameter SQL Injection
14887| [5930] Exim Parenthesis File Name Filter Bypass
14888| [5897] Exim header_syntax Function Remote Overflow
14889| [5896] Exim sender_verify Function Remote Overflow
14890| [5530] Exim Localhost Name Arbitrary Command Execution
14891| [5330] Exim Configuration File Variable Overflow
14892| [1855] Exim Batched SMTP Mail Header Format String
14893|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
1248/tcp open hermes?
3306/tcp open mysql MySQL 5.6.44-cll-lve
14898| vulscan: VulDB - https://vuldb.com:
14899| [138100] Oracle MySQL Server up to 5.6.44/5.7.18 Privileges unknown vulnerability
14900| [138099] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Compiling information disclosure
14901| [138079] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Pluggable Auth denial of service
14902| [138070] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Audit unknown vulnerability
14903| [138067] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 XML denial of service
14904| [138066] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Parser denial of service
14905| [129645] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication denial of service
14906| [129642] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
14907| [129641] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
14908| [129639] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 DDL denial of service
14909| [129630] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Connection Handling denial of service
14910| [129629] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Parser denial of service
14911| [129627] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 PS denial of service
14912| [129626] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
14913| [129624] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication unknown vulnerability
14914| [125562] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 RBR denial of service
14915| [125559] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Memcached denial of service
14916| [125548] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Merge denial of service
14917| [125539] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
14918| [125538] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
14919| [125537] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
14920| [121784] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Memcached denial of service
14921| [121780] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Installing denial of service
14922| [121774] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 InnoDB denial of service
14923|
14924| MITRE CVE - https://cve.mitre.org:
14925| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
14926| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
14927| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
14928| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
14929| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
14930| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
14931| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
14932| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
14933| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14934| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
14935| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
14936| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
14937| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14938| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
14939| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
14940| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
14941| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
14942| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14943| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
14944| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14945| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
14946| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
14947| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
14948| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
14949| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
14950| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
14951| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
14952| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14953| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
14954| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
14955| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
14956| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14957| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
14958| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
14959| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
14960|
14961| SecurityFocus - https://www.securityfocus.com/bid/:
14962| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
14963| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
14964| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
14965| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
14966| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
14967| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
14968| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
14969| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
14970| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
14971| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
14972| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
14973|
14974| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14975| [85724] Oracle MySQL Server XA Transactions denial of service
14976| [85723] Oracle MySQL Server Server Replication denial of service
14977| [85722] Oracle MySQL Server InnoDB denial of service
14978| [85721] Oracle MySQL Server Server Privileges unspecified
14979| [85720] Oracle MySQL Server Server Partition denial of service
14980| [85719] Oracle MySQL Server Server Parser denial of service
14981| [85718] Oracle MySQL Server Server Options denial of service
14982| [85717] Oracle MySQL Server Server Options denial of service
14983| [85716] Oracle MySQL Server Server Optimizer denial of service
14984| [85715] Oracle MySQL Server Server Optimizer denial of service
14985| [85714] Oracle MySQL Server Prepared Statements denial of service
14986| [85713] Oracle MySQL Server InnoDB denial of service
14987| [85712] Oracle MySQL Server Full Text Search denial of service
14988| [85711] Oracle MySQL Server Data Manipulation Language denial of service
14989| [85710] Oracle MySQL Server Data Manipulation Language denial of service
14990| [85709] Oracle MySQL Server Audit Log unspecified
14991| [85708] Oracle MySQL Server MemCached unspecified
14992| [84846] Debian mysql-server package information disclosure
14993| [84375] Wireshark MySQL dissector denial of service
14994| [83554] Oracle MySQL Server Server Partition denial of service
14995| [83553] Oracle MySQL Server Server Locking denial of service
14996| [83552] Oracle MySQL Server Server Install unspecified
14997| [83551] Oracle MySQL Server Server Types denial of service
14998| [83550] Oracle MySQL Server Server Privileges unspecified
14999| [83549] Oracle MySQL Server InnoDB denial of service
15000| [83548] Oracle MySQL Server InnoDB denial of service
15001| [83547] Oracle MySQL Server Data Manipulation Language denial of service
15002| [83546] Oracle MySQL Server Stored Procedure denial of service
15003| [83545] Oracle MySQL Server Server Replication denial of service
15004| [83544] Oracle MySQL Server Server Partition denial of service
15005| [83543] Oracle MySQL Server Server Optimizer denial of service
15006| [83542] Oracle MySQL Server InnoDB denial of service
15007| [83541] Oracle MySQL Server Information Schema denial of service
15008| [83540] Oracle MySQL Server Data Manipulation Language denial of service
15009| [83539] Oracle MySQL Server Data Manipulation Language denial of service
15010| [83538] Oracle MySQL Server Server Optimizer unspecified
15011| [83537] Oracle MySQL Server MemCached denial of service
15012| [83536] Oracle MySQL Server Server Privileges unspecified
15013| [83535] Oracle MySQL Server Server Privileges unspecified
15014| [83534] Oracle MySQL Server Server unspecified
15015| [83533] Oracle MySQL Server Information Schema unspecified
15016| [83532] Oracle MySQL Server Server Locking unspecified
15017| [83531] Oracle MySQL Server Data Manipulation Language denial of service
15018| [83388] MySQL administrative login attempt detected
15019| [82963] Mambo MySQL database information disclosure
15020| [82946] Oracle MySQL buffer overflow
15021| [82945] Oracle MySQL buffer overflow
15022| [82895] Oracle MySQL and MariaDB geometry queries denial of service
15023| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
15024| [81325] Oracle MySQL Server Server Privileges denial of service
15025| [81324] Oracle MySQL Server Server Partition denial of service
15026| [81323] Oracle MySQL Server Server Optimizer denial of service
15027| [81322] Oracle MySQL Server Server Optimizer denial of service
15028| [81321] Oracle MySQL Server Server denial of service
15029| [81320] Oracle MySQL Server MyISAM denial of service
15030| [81319] Oracle MySQL Server InnoDB denial of service
15031| [81318] Oracle MySQL Server InnoDB denial of service
15032| [81317] Oracle MySQL Server Server Locking denial of service
15033| [81316] Oracle MySQL Server Server denial of service
15034| [81315] Oracle MySQL Server Server Replication unspecified
15035| [81314] Oracle MySQL Server Server Replication unspecified
15036| [81313] Oracle MySQL Server Stored Procedure denial of service
15037| [81312] Oracle MySQL Server Server Optimizer denial of service
15038| [81311] Oracle MySQL Server Information Schema denial of service
15039| [81310] Oracle MySQL Server GIS Extension denial of service
15040| [80790] Oracle MySQL yaSSL buffer overflow
15041| [80553] Oracle MySQL and MariaDB salt security bypass
15042| [80443] Oracle MySQL Server unspecified code execution
15043| [80442] Oracle MySQL Server acl_get() buffer overflow
15044| [80440] Oracle MySQL Server table buffer overflow
15045| [80435] Oracle MySQL Server database privilege escalation
15046| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
15047| [80433] Oracle MySQL Server Stuxnet privilege escalation
15048| [80432] Oracle MySQL Server authentication information disclosure
15049| [79394] Oracle MySQL Server Server Installation information disclosure
15050| [79393] Oracle MySQL Server Server Replication denial of service
15051| [79392] Oracle MySQL Server Server Full Text Search denial of service
15052| [79391] Oracle MySQL Server Server denial of service
15053| [79390] Oracle MySQL Server Client information disclosure
15054| [79389] Oracle MySQL Server Server Optimizer denial of service
15055| [79388] Oracle MySQL Server Server Optimizer denial of service
15056| [79387] Oracle MySQL Server Server denial of service
15057| [79386] Oracle MySQL Server InnoDB Plugin denial of service
15058| [79385] Oracle MySQL Server InnoDB denial of service
15059| [79384] Oracle MySQL Server Client unspecified
15060| [79383] Oracle MySQL Server Server denial of service
15061| [79382] Oracle MySQL Server Protocol unspecified
15062| [79381] Oracle MySQL Server Information Schema unspecified
15063| [78954] SilverStripe MySQLDatabase.php information disclosure
15064| [78948] MySQL MyISAM table symlink
15065| [77865] MySQL unknown vuln
15066| [77864] MySQL sort order denial of service
15067| [77768] MySQLDumper refresh_dblist.php information disclosure
15068| [77177] MySQL Squid Access Report unspecified cross-site scripting
15069| [77065] Oracle MySQL Server Optimizer denial of service
15070| [77064] Oracle MySQL Server Optimizer denial of service
15071| [77063] Oracle MySQL Server denial of service
15072| [77062] Oracle MySQL InnoDB denial of service
15073| [77061] Oracle MySQL GIS Extension denial of service
15074| [77060] Oracle MySQL Server Optimizer denial of service
15075| [76189] MySQL unspecified error
15076| [76188] MySQL attempts security bypass
15077| [75287] MySQLDumper restore.php information disclosure
15078| [75286] MySQLDumper filemanagement.php directory traversal
15079| [75285] MySQLDumper main.php cross-site request forgery
15080| [75284] MySQLDumper install.php cross-site scripting
15081| [75283] MySQLDumper install.php file include
15082| [75282] MySQLDumper menu.php code execution
15083| [75022] Oracle MySQL Server Server Optimizer denial of service
15084| [75021] Oracle MySQL Server Server Optimizer denial of service
15085| [75020] Oracle MySQL Server Server DML denial of service
15086| [75019] Oracle MySQL Server Partition denial of service
15087| [75018] Oracle MySQL Server MyISAM denial of service
15088| [75017] Oracle MySQL Server Server Optimizer denial of service
15089| [74672] Oracle MySQL Server multiple unspecified
15090| [73092] MySQL unspecified code execution
15091| [72540] Oracle MySQL Server denial of service
15092| [72539] Oracle MySQL Server unspecified
15093| [72538] Oracle MySQL Server denial of service
15094| [72537] Oracle MySQL Server denial of service
15095| [72536] Oracle MySQL Server unspecified
15096| [72535] Oracle MySQL Server denial of service
15097| [72534] Oracle MySQL Server denial of service
15098| [72533] Oracle MySQL Server denial of service
15099| [72532] Oracle MySQL Server denial of service
15100| [72531] Oracle MySQL Server denial of service
15101| [72530] Oracle MySQL Server denial of service
15102| [72529] Oracle MySQL Server denial of service
15103| [72528] Oracle MySQL Server denial of service
15104| [72527] Oracle MySQL Server denial of service
15105| [72526] Oracle MySQL Server denial of service
15106| [72525] Oracle MySQL Server information disclosure
15107| [72524] Oracle MySQL Server denial of service
15108| [72523] Oracle MySQL Server denial of service
15109| [72522] Oracle MySQL Server denial of service
15110| [72521] Oracle MySQL Server denial of service
15111| [72520] Oracle MySQL Server denial of service
15112| [72519] Oracle MySQL Server denial of service
15113| [72518] Oracle MySQL Server unspecified
15114| [72517] Oracle MySQL Server unspecified
15115| [72516] Oracle MySQL Server unspecified
15116| [72515] Oracle MySQL Server denial of service
15117| [72514] Oracle MySQL Server unspecified
15118| [71965] MySQL port denial of service
15119| [70680] DBD::mysqlPP unspecified SQL injection
15120| [70370] TaskFreak! multi-mysql unspecified path disclosure
15121| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15122| [68294] MySQLDriverCS statement.cs sql injection
15123| [68175] Prosody MySQL denial of service
15124| [67539] Zend Framework MySQL PDO security bypass
15125| [67254] DirectAdmin MySQL information disclosure
15126| [66567] Xoops mysql.sql information disclosure
15127| [65871] PyWebDAV MySQLAuthHandler class SQL injection
15128| [65543] MySQL Select Arbitrary data into a File
15129| [65529] MySQL Eventum full_name field cross-site scripting
15130| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
15131| [65379] Oracle MySQL Eventum list.php cross-site scripting
15132| [65266] Accellion File Transfer Appliance MySQL default password
15133| [64878] MySQL Geometry denial of service
15134| [64877] MySQL EXPLAIN EXTENDED denial of service
15135| [64876] MySQL prepared statement denial of service
15136| [64845] MySQL extreme-value denial of service
15137| [64844] MySQL Gis_line_string::init_from_wkb denial of service
15138| [64843] MySQL user-variable denial of service
15139| [64842] MySQL view preparation denial of service
15140| [64841] MySQL prepared statement denial of service
15141| [64840] MySQL LONGBLOB denial of service
15142| [64839] MySQL invocations denial of service
15143| [64838] MySQL Gis_line_string::init_from_wkb denial of service
15144| [64689] MySQL dict0crea.c denial of service
15145| [64688] MySQL SET column denial of service
15146| [64687] MySQL BINLOG command denial of service
15147| [64686] MySQL InnoDB denial of service
15148| [64685] MySQL HANDLER interface denial of service
15149| [64684] MySQL Item_singlerow_subselect::store denial of service
15150| [64683] MySQL OK packet denial of service
15151| [63518] MySQL Query Browser GUI Tools information disclosure
15152| [63517] MySQL Administrator GUI Tools information disclosure
15153| [62272] MySQL PolyFromWKB() denial of service
15154| [62269] MySQL LIKE predicates denial of service
15155| [62268] MySQL joins denial of service
15156| [62267] MySQL GREATEST() or LEAST() denial of service
15157| [62266] MySQL GROUP_CONCAT() denial of service
15158| [62265] MySQL expression values denial of service
15159| [62264] MySQL temporary table denial of service
15160| [62263] MySQL LEAST() or GREATEST() denial of service
15161| [62262] MySQL replication privilege escalation
15162| [61739] MySQL WITH ROLLUP denial of service
15163| [61343] MySQL LOAD DATA INFILE denial of service
15164| [61342] MySQL EXPLAIN denial of service
15165| [61341] MySQL HANDLER denial of service
15166| [61340] MySQL BINLOG denial of service
15167| [61339] MySQL IN() or CASE denial of service
15168| [61338] MySQL SET denial of service
15169| [61337] MySQL DDL denial of service
15170| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
15171| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
15172| [61316] PHP php_mysqlnd_auth_write buffer overflow
15173| [61274] MySQL TEMPORARY InnoDB denial of service
15174| [59905] MySQL ALTER DATABASE denial of service
15175| [59841] CMySQLite updateUser.php cross-site request forgery
15176| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
15177| [59075] PHP php_mysqlnd_auth_write() buffer overflow
15178| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
15179| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
15180| [59072] PHP php_mysqlnd_ok_read() information disclosure
15181| [58842] MySQL DROP TABLE file deletion
15182| [58676] Template Shares MySQL information disclosure
15183| [58531] MySQL COM_FIELD_LIST buffer overflow
15184| [58530] MySQL packet denial of service
15185| [58529] MySQL COM_FIELD_LIST security bypass
15186| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
15187| [57925] MySQL UNINSTALL PLUGIN security bypass
15188| [57006] Quicksilver Forums mysqldump information disclosure
15189| [56800] Employee Timeclock Software mysqldump information disclosure
15190| [56200] Flex MySQL Connector ActionScript SQL injection
15191| [55877] MySQL yaSSL buffer overflow
15192| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
15193| [55416] MySQL unspecified buffer overflow
15194| [55382] Ublog UblogMySQL.sql information disclosure
15195| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
15196| [54597] MySQL sql_table.cc security bypass
15197| [54596] MySQL mysqld denial of service
15198| [54365] MySQL OpenSSL security bypass
15199| [54364] MySQL MyISAM table symlink
15200| [53950] The mysql-ocaml mysql_real_escape_string weak security
15201| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
15202| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
15203| [52660] iScouter PHP Web Portal MySQL Password Retrieval
15204| [52220] aa33code mysql.inc information disclosure
15205| [52122] MySQL Connector/J unicode SQL injection
15206| [51614] MySQL dispatch_command() denial of service
15207| [51406] MySQL Connector/NET SSL spoofing
15208| [49202] MySQL UDF command execution
15209| [49050] MySQL XPath denial of service
15210| [48919] Cisco Application Networking Manager MySQL default account password
15211| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15212| [47544] MySQL Calendar index.php SQL injection
15213| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
15214| [45649] MySQL MyISAM symlink security bypass
15215| [45648] MySQL MyISAM symlinks security bypass
15216| [45607] MySQL Quick Admin actions.php file include
15217| [45606] MySQL Quick Admin index.php file include
15218| [45590] MySQL command-line client cross-site scripting
15219| [45436] PromoteWeb MySQL go.php SQL injection
15220| [45042] MySQL empty bit-string literal denial of service
15221| [44662] mysql-lists unspecified cross-site scripting
15222| [42267] MySQL MyISAM security bypass
15223| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
15224| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
15225| [40920] MySQL sql_select.cc denial of service
15226| [40734] MySQL Server BINLOG privilege escalation
15227| [40350] MySQL password information disclosure
15228| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
15229| [39402] PHP LOCAL INFILE and MySQL extension security bypass
15230| [38999] aurora framework db_mysql.lib SQL injection
15231| [38990] MySQL federated engine denial of service
15232| [38989] MySQL DEFINER value privilege escalation
15233| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
15234| [38964] MySQL RENAME TABLE symlink
15235| [38733] ManageEngine EventLog Analyzer MySQL default password
15236| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
15237| [38189] MySQL default root password
15238| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
15239| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
15240| [36555] PHP MySQL extension multiple functions security bypass
15241| [35960] MySQL view privilege escalation
15242| [35959] MySQL CREATE TABLE LIKE information disclosure
15243| [35958] MySQL connection protocol denial of service
15244| [35291] MySQLDumper main.php security bypass
15245| [34811] MySQL udf_init and mysql_create_function command execution
15246| [34809] MySQL mysql_update privilege escalation
15247| [34349] MySQL ALTER information disclosure
15248| [34348] MySQL mysql_change_db privilege escalation
15249| [34347] MySQL RENAME TABLE weak security
15250| [34232] MySQL IF clause denial of service
15251| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
15252| [33285] Eve-Nuke mysql.php file include
15253| [32957] MySQL Commander dbopen.php file include
15254| [32933] cPanel load_language.php and mysqlconfig.php file include
15255| [32911] MySQL filesort function denial of service
15256| [32462] cPanel passwdmysql cross-site scripting
15257| [32288] RHSA-2006:0544 updates for mysql not installed
15258| [32266] MySQLNewsEngine affichearticles.php3 file include
15259| [31244] The Address Book MySQL export.php password information disclosure
15260| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
15261| [30760] BTSaveMySql URL file disclosure
15262| [30191] StoryStream mysql.php and mysqli.php file include
15263| [30085] MySQL MS-DOS device name denial of service
15264| [30031] Agora MysqlfinderAdmin.php file include
15265| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
15266| [29179] paBugs class.mysql.php file include
15267| [29120] ZoomStats MySQL file include
15268| [28448] MySQL case sensitive database name privilege escalation
15269| [28442] MySQL GRANT EXECUTE privilege escalation
15270| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
15271| [28202] MySQL multiupdate subselect query denial of service
15272| [28180] MySQL MERGE table security bypass
15273| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
15274| [27995] Opsware Network Automation System MySQL plaintext password
15275| [27904] MySQL date_format() format string
15276| [27635] MySQL Instance Manager denial of service
15277| [27212] MySQL SELECT str_to_date denial of service
15278| [26875] MySQL ASCII escaping SQL injection
15279| [26420] Apple Mac OS X MySQL Manager blank password
15280| [26236] MySQL login packet information disclosure
15281| [26232] MySQL COM_TABLE_DUMP buffer overflow
15282| [26228] MySQL sql_parce.cc information disclosure
15283| [26042] MySQL running
15284| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
15285| [24966] MySQL mysql_real_query logging bypass
15286| [24653] PAM-MySQL logging function denial of service
15287| [24652] PAM-MySQL authentication double free code execution
15288| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
15289| [24095] PHP ext/mysqli exception handling format string
15290| [23990] PHP mysql_connect() buffer overflow
15291| [23596] MySQL Auction search module could allow cross-site scripting
15292| [22642] RHSA-2005:334 updates for mysql not installed
15293| [21757] MySQL UDF library functions command execution
15294| [21756] MySQL LoadLibraryEx function denial of service
15295| [21738] MySQL UDF mysql_create_function function directory traversal
15296| [21737] MySQL user defined function buffer overflow
15297| [21640] MySQL Eventum multiple class SQL injection
15298| [21638] MySQL Eventum multiple scripts cross-site scripting
15299| [20984] xmysqladmin temporary file symlink
15300| [20656] MySQL mysql_install_db script symlink
15301| [20333] Plans MySQL password information disclosure
15302| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
15303| [19658] MySQL udf_init function gain access
15304| [19576] auraCMS mysql_fetch_row function path disclosure
15305| [18922] MySQL mysqlaccess script symlink attack
15306| [18824] MySQL UDF root privileges
15307| [18464] mysql_auth unspecified vulnerability
15308| [18449] Sugar Sales plaintext MySQL password
15309| [17783] MySQL underscore allows elevated privileges
15310| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
15311| [17667] MySQL UNION change denial of service
15312| [17666] MySQL ALTER TABLE RENAME bypass restriction
15313| [17493] MySQL libmysqlclient bulk inserts buffer overflow
15314| [17462] MySQLGuest AWSguest.php script cross-site scripting
15315| [17047] MySQL mysql_real_connect buffer overflow
15316| [17030] MySQL mysqlhotcopy insecure temporary file
15317| [16612] MySQL my_rnd buffer overflow
15318| [16604] MySQL check_scramble_323 function allows unauthorized access
15319| [15883] MySQL mysqld_multi script symlink attack
15320| [15617] MySQL mysqlbug script symlink attack
15321| [15417] Confixx db_mysql_loeschen2.php SQL injection
15322| [15280] Proofpoint Protection Server MySQL allows unauthorized access
15323| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
15324| [13153] MySQL long password buffer overflow
15325| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
15326| [12540] Teapop PostSQL and MySQL modules SQL injection
15327| [12337] MySQL mysql_real_connect function buffer overflow
15328| [11510] MySQL datadir/my.cnf modification could allow root privileges
15329| [11493] mysqlcc configuration and connection files are world writable
15330| [11340] SuckBot mod_mysql_logger denial of service
15331| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
15332| [10850] MySQL libmysql client read_one_row buffer overflow
15333| [10849] MySQL libmysql client read_rows buffer overflow
15334| [10848] MySQL COM_CHANGE_USER password buffer overflow
15335| [10847] MySQL COM_CHANGE_USER command password authentication bypass
15336| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
15337| [10483] Bugzilla stores passwords in plain text in the MySQL database
15338| [10455] gBook MySQL could allow administrative access
15339| [10243] MySQL my.ini "
15340| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
15341| [9909] MySQL logging disabled by default on Windows
15342| [9908] MySQL binding to the loopback adapter is disabled
15343| [9902] MySQL default root password could allow unauthorized access
15344| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
15345| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
15346| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
15347| [7206] WinMySQLadmin stores MySQL password in plain text
15348| [6617] MySQL "
15349| [6419] MySQL drop database command buffer overflow
15350| [6418] MySQL libmysqlclient.so buffer overflow
15351| [5969] MySQL select buffer overflow
15352| [5447] pam_mysql authentication input
15353| [5409] MySQL authentication algorithm obtain password hash
15354| [5057] PCCS MySQL Database Admin Tool could reveal username and password
15355| [4228] MySQL unauthenticated remote access
15356| [3849] MySQL default test account could allow any user to connect to the database
15357| [1568] MySQL creates readable log files
15358|
15359| Exploit-DB - https://www.exploit-db.com:
15360| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
15361| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
15362| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
15363| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
15364| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
15365| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
15366| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
15367| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
15368| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
15369| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
15370| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
15371| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
15372| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
15373|
15374| OpenVAS (Nessus) - http://www.openvas.org:
15375| [53251] Debian Security Advisory DSA 562-1 (mysql)
15376| [53230] Debian Security Advisory DSA 540-1 (mysql)
15377|
15378| SecurityTracker - https://www.securitytracker.com:
15379| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
15380| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
15381| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
15382| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
15383| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
15384| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
15385| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
15386| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
15387| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
15388| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
15389| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
15390| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
15391| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
15392| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
15393| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
15394| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
15395| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
15396| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
15397| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
15398| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
15399| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
15400| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
15401| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
15402| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
15403| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
15404| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
15405| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
15406| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
15407| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
15408| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
15409| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
15410| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
15411| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
15412| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
15413| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
15414| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
15415| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
15416| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
15417| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
15418| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
15419| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
15420| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
15421| [1016790] MySQL Replication Error Lets Local Users Deny Service
15422| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
15423| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
15424| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
15425| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
15426| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
15427| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
15428| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
15429| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
15430| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
15431| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
15432| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
15433| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
15434| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
15435| [1014172] xMySQLadmin Lets Local Users Delete Files
15436| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
15437| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
15438| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
15439| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
15440| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
15441| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
15442| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
15443| [1012500] mysql_auth Memory Leak Has Unspecified Impact
15444| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
15445| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
15446| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
15447| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
15448| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
15449| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
15450| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
15451| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
15452| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
15453| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
15454| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
15455| [1007518] DWebPro Discloses MySQL Database Password to Local Users
15456| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
15457| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
15458| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
15459| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
15460| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
15461| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
15462| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
15463| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
15464| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
15465| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
15466| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
15467| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
15468| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
15469|
15470| OSVDB - http://www.osvdb.org:
15471| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
15472| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
15473| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
15474| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
15475| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
15476| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
15477| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
15478| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
15479| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
15480| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
15481| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
15482| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
15483| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
15484| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
15485| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
15486| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
15487| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
15488| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
15489| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
15490| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
15491| [93174] MySQL Crafted Derived Table Handling DoS
15492| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
15493| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
15494| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
15495| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
15496| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
15497| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
15498| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
15499| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
15500| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
15501| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
15502| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
15503| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
15504| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
15505| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
15506| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
15507| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
15508| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
15509| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
15510| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
15511| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
15512| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
15513| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
15514| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
15515| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
15516| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
15517| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
15518| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
15519| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
15520| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
15521| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
15522| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
15523| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
15524| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
15525| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
15526| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
15527| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
15528| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
15529| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
15530| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
15531| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
15532| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
15533| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
15534| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
15535| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
15536| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
15537| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
15538| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
15539| [89042] ViciBox Server MySQL cron Service Default Credentials
15540| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
15541| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
15542| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
15543| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
15544| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
15545| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
15546| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
15547| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
15548| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
15549| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
15550| [87480] MySQL Malformed XML Comment Handling DoS
15551| [87466] MySQL SSL Certificate Revocation Weakness
15552| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
15553| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
15554| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
15555| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
15556| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
15557| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
15558| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
15559| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
15560| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
15561| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
15562| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
15563| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
15564| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
15565| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
15566| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
15567| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
15568| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
15569| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
15570| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
15571| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
15572| [84719] MySQLDumper index.php page Parameter XSS
15573| [84680] MySQL Squid Access Report access.log File Path XSS
15574| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
15575| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
15576| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
15577| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
15578| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
15579| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
15580| [83661] Oracle MySQL Unspecified Issue (59533)
15581| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
15582| [82803] Oracle MySQL Unspecified Issue (59387)
15583| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
15584| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
15585| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
15586| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
15587| [81614] MySQLDumper File Upload PHP Code Execution
15588| [81613] MySQLDumper main.php Multiple Function CSRF
15589| [81612] MySQLDumper restore.php filename Parameter XSS
15590| [81611] MySQLDumper sql.php Multiple Parameter XSS
15591| [81610] MySQLDumper install.php Multiple Parameter XSS
15592| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
15593| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
15594| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
15595| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
15596| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
15597| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
15598| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
15599| [81059] Oracle MySQL Server Multiple Unspecified Issues
15600| [79038] Webmin Process Listing MySQL Password Local Disclosure
15601| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
15602| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
15603| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
15604| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
15605| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
15606| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
15607| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
15608| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
15609| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
15610| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
15611| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
15612| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
15613| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
15614| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
15615| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
15616| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
15617| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
15618| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
15619| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
15620| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
15621| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
15622| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
15623| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
15624| [78375] Oracle MySQL Server Unspecified Local DoS
15625| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
15626| [78373] Oracle MySQL Server Unspecified Local Issue
15627| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
15628| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
15629| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
15630| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
15631| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
15632| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
15633| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
15634| [77040] DBD::mysqlPP Unspecified SQL Injection
15635| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
15636| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
15637| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
15638| [73387] Zend Framework PDO_MySql Character Set Security Bypass
15639| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
15640| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
15641| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
15642| [71368] Accellion File Transfer Appliance Weak MySQL root Password
15643| [70967] MySQL Eventum Admin User Creation CSRF
15644| [70966] MySQL Eventum preferences.php full_name Parameter XSS
15645| [70961] MySQL Eventum list.php Multiple Parameter XSS
15646| [70960] MySQL Eventum forgot_password.php URI XSS
15647| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
15648| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
15649| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
15650| [69395] MySQL Derived Table Grouping DoS
15651| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
15652| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
15653| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
15654| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
15655| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
15656| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
15657| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
15658| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
15659| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
15660| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
15661| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
15662| [68996] MySQL EXPLAIN EXTENDED Statement DoS
15663| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
15664| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
15665| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
15666| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
15667| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
15668| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
15669| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
15670| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
15671| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
15672| [67381] MySQL InnoDB Temporary Table Handling DoS
15673| [67380] MySQL BINLOG Statement Unspecified Argument DoS
15674| [67379] MySQL Multiple Operation NULL Argument Handling DoS
15675| [67378] MySQL Unique SET Column Join Statement Remote DoS
15676| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
15677| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
15678| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
15679| [66731] PHP Bundled MySQL Library Unspecified Issue
15680| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
15681| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
15682| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
15683| [65085] MySQL Enterprise Monitor Unspecified CSRF
15684| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
15685| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
15686| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
15687| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
15688| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
15689| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
15690| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
15691| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
15692| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
15693| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
15694| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
15695| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
15696| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
15697| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
15698| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
15699| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
15700| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
15701| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
15702| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
15703| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
15704| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
15705| [59907] MySQL on Windows bind-address Remote Connection Weakness
15706| [59906] MySQL on Windows Default Configuration Logging Weakness
15707| [59616] MySQL Hashed Password Weakness
15708| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
15709| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
15710| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
15711| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
15712| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
15713| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
15714| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
15715| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
15716| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
15717| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
15718| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
15719| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
15720| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15721| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
15722| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
15723| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
15724| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
15725| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15726| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
15727| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
15728| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
15729| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15730| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15731| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
15732| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
15733| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
15734| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
15735| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
15736| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
15737| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
15738| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
15739| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
15740| [52464] MySQL charset Column Truncation Weakness
15741| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
15742| [52378] Cisco ANM MySQL root Account Default Password
15743| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
15744| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
15745| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
15746| [50892] MySQL Calendar index.php username Parameter SQL Injection
15747| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
15748| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
15749| [48710] MySQL Command Line Client HTML Output XSS
15750| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
15751| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
15752| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
15753| [47789] mysql-lists Unspecified XSS
15754| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
15755| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
15756| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
15757| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
15758| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
15759| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
15760| [43179] MySQL Server BINLOG Statement Rights Checking Failure
15761| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
15762| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
15763| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
15764| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
15765| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
15766| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
15767| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
15768| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
15769| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
15770| [39279] PHP mysql_error() Function XSS
15771| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
15772| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
15773| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
15774| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
15775| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
15776| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
15777| [37782] MySQL Community Server External Table View Privilege Escalation
15778| [37781] MySQL ALTER TABLE Information Disclosure
15779| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
15780| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
15781| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
15782| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
15783| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
15784| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
15785| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
15786| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
15787| [36251] Associated Press (AP) Newspower Default MySQL root Password
15788| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
15789| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
15790| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
15791| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
15792| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
15793| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
15794| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
15795| [33974] MySQL information_schema Table Subselect Single-Row DoS
15796| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
15797| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
15798| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
15799| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
15800| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
15801| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
15802| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
15803| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
15804| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
15805| [32056] BTSaveMySql Direct Request Config File Disclosure
15806| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
15807| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
15808| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
15809| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
15810| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
15811| [29696] MySQLDumper sql.php db Parameter XSS
15812| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
| [28288] MySQL Instance_options::complete_initialization Function Overflow
| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
| [28012] MySQL Case Sensitivity Unauthorized Database Creation
| [27919] MySQL VIEW Access information_schema.views Information Disclosure
| [27703] MySQL MERGE Table Privilege Persistence
| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
| [27416] MySQL Server time.cc date_format Function Format String
| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
| [25595] Apple Mac OS X MySQL Manager Blank root Password
| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
| [25227] MySQL COM_TABLE_DUMP Packet Overflow
| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
| [24245] Cholod Mysql Based Message Board Unspecified XSS
| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
| [23526] MySQL Query NULL Charcter Logging Bypass
| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
| [22479] PHP mysqli Extension Error Message Format String
| [22232] PHP Pipe Variable mysql_connect() Function Overflow
| [21685] MySQL Auction Search Module keyword XSS
| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
| [19457] aMember Pro mysql.inc.php Remote File Inclusion
| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
| [18896] MySQL User-Defined Function init_syms() Function Overflow
| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
| [18894] MySQL drop database Request Remote Overflow
| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
| [18406] MySQL Eventum releases.php SQL Injection
| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
| [18404] MySQL Eventum custom_fields.php SQL Injection
| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
| [18401] MySQL Eventum list.php release Parameter XSS
| [18400] MySQL Eventum view.php id Parameter XSS
| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
| [17223] xMySQLadmin Symlink Arbitrary File Deletion
| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
| [16056] Plans Unspecified mySQL Remote Password Disclosure
| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
| [14748] MySQL MS-DOS Device Names Request DoS
| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
| [12919] MySQL MaxDB WebAgent websql Remote Overflow
| [12779] MySQL User Defined Function Privilege Escalation
| [12609] MySQL Eventum projects.php Multiple Parameter XSS
| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
| [12607] MySQL Eventum forgot_password.php email Parameter XSS
| [12606] MySQL Eventum index.php email Parameter XSS
| [12605] MySQL Eventum Default Vendor Account
| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
| [11689] Roxen Web Server MySQL Socket Permission Weakness
| [10985] MySQL MATCH..AGAINST Query DoS
| [10959] MySQL GRANT ALL ON Privilege Escalation
| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
| [10658] MySQL mysql_real_connect() Function Remote Overflow
| [10532] MySQL MaxDB webdbm Server Field DoS
| [10491] AWS MySQLguest AWSguest.php Script Insertion
| [10244] MySQL libmysqlclient Prepared Statements API Overflow
| [10226] MySQLGuest AWSguest.php Multiple Field XSS
| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
| [9907] MySQL SELECT Statement String Handling Overflow
| [9906] MySQL GRANT Privilege Arbitrary Password Modification
| [9509] teapop MySQL Authentication Module SQL Injection
| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
| [8886] MySQL libmysqlclient Library read_one_row Overflow
| [8885] MySQL libmysqlclient Library read_rows Overflow
| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
| [7128] MySQL show database Database Name Exposure
| [6716] MySQL Database Engine Weak Authentication Information Disclosure
| [6605] MySQL mysqld Readable Log File Information Disclosure
| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
| [520] MySQL Database Name Traversal Arbitrary File Modification
| [380] MySQL Server on Windows Default Null Root Password
| [261] MySQL Short Check String Authentication Bypass
|_
5222/tcp closed xmpp-client
50000/tcp closed ibm-db2
50001/tcp closed unknown
50002/tcp closed iiimsf
50003/tcp closed unknown
50006/tcp closed unknown
50300/tcp closed unknown
50389/tcp closed unknown
50500/tcp closed unknown
50636/tcp closed unknown
50800/tcp closed unknown
Service Info: Host: p3plcpnl0719.prod.phx3.secureserver.net
#################################################################################################################################
 Anonymous JTSEC #OpDomesticTerrorism Full Recon #7